Apple’s Dev Center went down on Thursday causing issues for developers around the world. The system remained down for three days and is still currently unavailable.

Many developers began suspecting a security incident after many received unauthorized password change emails on their accounts.

An hour ago developers finally received a communication from Apple confirming these fears, there has been a breach of data. As a result of the breach Apple is overhauling the developer systems, meaning more downtown for developers.

This brings up an interesting question regarding single points of failure in the mobile application distribution system. When one component goes down, or is breached in this case it affects the entire ecosystem.

We hear a lot about mobile apps and devices being hacked, however as I have stated before that is small potatoes when compared to the treasure trove of the back-end systems that power mobile applications and services.

What is the point of hacking one person’s phone when there are entire app store infrastructures to target?

Update 7/22/2013 12:16PM: There is speculation that the breach was the result of  exploiting a recent vulnerability in Struts 2  (CVE-2013-2251)

Apple's Developer Center Breached

 

Related Articles:

 

P.S. Have you met John Powers, supernatural CISO?

Categories: , , IT Security and Data Protection,

Tags: , , , ,


Leave a Reply

Ken Westin

Ken Westin has contributed 118 posts to The State of Security.

View all posts by Ken Westin >