A website that Apple uses to communicate with its community of some 6 million software developers remained shuttered on Monday, four days after a cyberattack that prompted a harried upgrade to prevent future breaches.
It was not immediately clear what data, if any, was been compromised by the attack.
Apple said in a notice released late on Sunday that names, mailing addresses and emails may have been accessed by unknown attackers. It added that "sensitive personal information" was encrypted and could not be accessed.
Security experts said Apple's brief statement made it difficult to assess the severity of the breach.
"I am not exactly sure what happened. I do not know what to make of this," said Charlie Miller, author of the iOS Hacker's Handbook.
Miller said he received an email from Apple on Monday warning him about the breach, adding that he hoped none of his personal information had been compromised in an attack.
Still, he said he had not seen any indications that suggest other attacks on Apple could soon follow.
"I don't think this indicates any system problems in their security," he said.
Data breaches are relatively common because hackers are constantly identifying new ways to attack by exploiting software bugs and leveraging mistakes in the way companies configure websites and computer systems. Hackers are also relentless in sending emails with malicious links and attachments to targeted companies.
Security experts speculated that the site may have been attacked using one of several widely known security bugs in web technology, but there seemed to be no consensus.
A man claiming to be a Turkish security researcher posted a video on YouTube and sent out comments on Twitter saying that he was responsible for the attack on Apple's developer site and had done so in a bid to publicize a security bug.
Apple declined comment on his claim, which could not be independently verified. The man could not be reached for comment.
Other corporate victims of recent security breaches include: Evernote, LinkedIn Corp, LivingSocial and Sony.
Apple said in its statement to developers that it was completely overhauling the technology on the shutdown site, which it hoped would soon be back online.
It may be in hot demand as developers are writing and testing apps to run on iOS 7, the next-generation operating system for iPhones and iPads that Apple is planning to release in the fall.
It was the second security breach that the company has disclosed in five months. In February, the maker of Macs and iPhones said that some Mac computers had been infected by hackers who had also attacked Facebook and other technology companies.
It was not immediately clear what data, if any, was been compromised by the attack.
Apple said in a notice released late on Sunday that names, mailing addresses and emails may have been accessed by unknown attackers. It added that "sensitive personal information" was encrypted and could not be accessed.
Security experts said Apple's brief statement made it difficult to assess the severity of the breach.
"I am not exactly sure what happened. I do not know what to make of this," said Charlie Miller, author of the iOS Hacker's Handbook.
Miller said he received an email from Apple on Monday warning him about the breach, adding that he hoped none of his personal information had been compromised in an attack.
Still, he said he had not seen any indications that suggest other attacks on Apple could soon follow.
"I don't think this indicates any system problems in their security," he said.
Data breaches are relatively common because hackers are constantly identifying new ways to attack by exploiting software bugs and leveraging mistakes in the way companies configure websites and computer systems. Hackers are also relentless in sending emails with malicious links and attachments to targeted companies.
Security experts speculated that the site may have been attacked using one of several widely known security bugs in web technology, but there seemed to be no consensus.
A man claiming to be a Turkish security researcher posted a video on YouTube and sent out comments on Twitter saying that he was responsible for the attack on Apple's developer site and had done so in a bid to publicize a security bug.
Apple declined comment on his claim, which could not be independently verified. The man could not be reached for comment.
Other corporate victims of recent security breaches include: Evernote, LinkedIn Corp, LivingSocial and Sony.
Apple said in its statement to developers that it was completely overhauling the technology on the shutdown site, which it hoped would soon be back online.
It may be in hot demand as developers are writing and testing apps to run on iOS 7, the next-generation operating system for iPhones and iPads that Apple is planning to release in the fall.
It was the second security breach that the company has disclosed in five months. In February, the maker of Macs and iPhones said that some Mac computers had been infected by hackers who had also attacked Facebook and other technology companies.
No comments:
Post a Comment