Apple’s Dev Center went down on Thursday causing issues for developers around the world. The system remained down for three days and is still currently unavailable.
Many developers began suspecting a security incident after many received unauthorized password change emails on their accounts.
An hour ago developers finally received a communication from Apple confirming these fears, there has been a breach of data. As a result of the breach Apple is overhauling the developer systems, meaning more downtown for developers.
This brings up an interesting question regarding single points of failure in the mobile application distribution system. When one component goes down, or is breached in this case it affects the entire ecosystem.
We hear a lot about mobile apps and devices being hacked, however as I have stated before that is small potatoes when compared to the treasure trove of the back-end systems that power mobile applications and services.
What is the point of hacking one person’s phone when there are entire app store infrastructures to target?
Update 7/22/2013 12:16PM: There is speculation that the breach was the result of exploiting a recent vulnerability in Struts 2 (CVE-2013-2251)
- Consequences Matter, Assets Don’t – At First…
- Advanced Log Intelligence Enables Faster Breach Detection
- Five Quick Wins from Verizon’s 2013 Data Breach Investigations Report
- Getting the Jump on Data Dumps with CounterDump
P.S. Have you met John Powers, supernatural CISO?