Apple patches another major security hole in its website that allowed access to all developer personal information
Imagine our surprise when an email from a complete stranger showed up in our tips box containing the personal contact information—including cell phone numbers—of several 9to5Mac staffers, as well as a few high ranking Apple executives.
Last night Apple pulled the Developer Center offline for maintenance, but as is usually the case, no noticeable changes were visible when it came back up. As it turns out, the company was patching a very serious security breach that was discovered over the weekend, allowing anyone to access the personal contact information for every registered iOS, Mac, or Safari developer; every Apple Retail and corporate employee; and some key partners.
The issue was discovered by developer Jesse Järvi and brought to our attention on Saturday. A video of the exploit is below. We ensured that the problem was reported to Apple and ran it up the ladder. Due to the critical nature of the problem, we would never reveal this type of flaw to the public until it had been dealt with and we had contacted Apple . As of last night, the hole has been patched. Keep reading for the full details of how the breach was executed and exactly what information was at risk.