Ibrahim Balic: I hacked Apple’s developer website and have over 100K developers’ user details
Ibrahim Balic made the statement, along with a video allegedly detailing the breaches, in a comment on TechCrunch's story about the hack.
VentureBeat is following up with both Balic and Apple and will update this story as we learn more.
It's difficult to ascertain whether Balic's statements are true. He has since made the YouTube video private, claiming on Twitter that he had to show it initially to prove that he had penetrated Apple's security but that it showed "confidential information."
the video is now removed from youtube, i apologise for sharing some of the confidential information, i had to, to proof the blames wrong
— ibrahim BALİÇ (@ibrahimbalic) July 22, 2013
Balic says he informed Apple of the issues, with screenshots and details, via Apple's bug reporting page, but he said he's received no answer. Four hours after his last post, Apple shut down the developer site. He has since e-mailed Apple but still received no response.
4 hours later from my final report Apple developer portal gas closed down and you know it still is. I have emailed and asked if I am putting them in any difficulty so that I can give a break to my research. I have not gotten any respond to this… I have been waiting since then for them to contact me, and today I'm reading news saying that they have been attacked and hacked. In some of the media news I watch/read that whether legal authorities were involved in its investigation of the hack. I'm not feeling very happy with what I read and a bit irritated, as I did not done this research to harm or damage. I didn't attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the datas for the porpoise of seeing how deep I can go within this scope. I have over 100.000+ users details and Apple is informed about this. I didn't attempt to get the datas first and report then, instead I have reported first.
Balic's story seems a little strange, not least because English is obviously his second language. But he first says, "I have taken 73 users details, all apple inc workers only, and prove them as an example" and then later clearly states that "I have over 100,000+ users details and Apple is informed about this."
Typically, white hat researchers do not actually access or copy user details. And there's a major difference between accessing 73 to prove a breach and copying 100,000-plus. That's much more serious and much more concerning for every Apple developer as well as Apple itself.
Balic hasn't updated his blog since Jan. 31. Clearly, he's had a lot of time to poke around Apple's sites and find holes. Just as clearly, however, he's aware of what a major hornet's nest he's kicked over, and is wishing that it could all just be over:
thank you for all critiques and supports hope everyone understood my intention and that this event will be over without any damage 2 anyone
— ibrahim BALİÇ (@ibrahimbalic) July 22, 2013
Reviewed by Kratos Olympian
on
15:56
Rating:
No comments:
Comment Policy
We’re eager to see your comment. However, Please Keep in mind that all comments are moderated manually by our human reviewers according to our comment policy, and all the links are nofollow. Using Keywords in the name field area is forbidden. Let’s enjoy a personal and evocative conversation.