Security Researcher Takes Credit For Breach in Apple Developer Center

Posted July 22, 2013 at 2:23pm by iClarified
Security Researcher Ibrahim Balic has taken credit for breaching Apple's Developer Center portal. Balic claims the breach was not intended to be malicious and even reported all 13 bugs that could ultimately leave the Developer Center exposed.

After reporting all the bugs to Apple, Balic wanted to see the extent of the breach and was able to get hold of account details for more than 100,000 users. He has released the details of 73 of the accounts (Apple's own employees) to Apple as evidence.

My name is Ibrahim Balic, I am a security researcher. You can also search my name from Facebook’s Whitehat List. I do private consulting for particular firms. Recently I have started doing research on Apple Inc. In total I have found 13 bugs and have reported through http://bugreport.apple.com. The bugs are all reported one by one and Apple was informed. I gave details to Apple as much as I can and I’ve also added screenshots.

One of those bugs has provided me access to users' details etc. I immediately reported this to Apple. I have taken 73 users' details (all Apple Inc. workers only) and prove them as an example.

4 hours later from my final report Apple developer portal was closed down and you know it still is. I have emailed and asked if I am putting them in any difficulty so that I can give a break to my research. I have not gotten any response to this… I have been waiting since then for them to contact me, and today I’m reading news saying that they have been attacked and hacked. In some of the media news I watch/read that whether legal authorities were involved in its investigation of the hack. I’m not feeling very happy with what I read and a bit irritated, as I did not do this research to harm or damage. I didn’t attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the data for the porpoise of seeing how deep I can go within this scope. I have over 100.000+ users' details and Apple is informed about this. I didn’t attempt to get the data first and report then, instead I have reported first.

I do not want my name to be in blacklist, please search on this situation. I’m keeping all the evidence, emails and images, also I have the records of bugs that I made through Apple bug-report.


Balic claims he will delete any data he has and that all data was accessed only for educational purposes, as it was reported to Apple immediately.


Read More via TheNextWeb


Comments (6)
Abit SOYLU - July 23, 2013 at 11:20am
His first language is not English so it's fine that he has a problem with grammar
gamerscul9870 - July 23, 2013 at 6:16am
porpoise? Do you mean purpose?
The Voice Of Reason - July 22, 2013 at 6:17pm
I don't mean to be a hardass, but regardless of his intentions and whether he informed Apple of the bugs or not, what he did is still illegal. People can't simply penetrate a system and take private data "for educational reasons". Just like I can't walk into the bank vault and take out money just because nobody is looking, even if I return the money and say "I just wanted to see if I could". Dude, let's grow up here.
Mikael - July 22, 2013 at 3:13pm
But I don't understand why this is such big news... With that information he got you can't do a thing, right? It's only mail addresses and usernames, not passwords or any content at all, right?
Besart - July 22, 2013 at 2:51pm
You should be awarded from Apple, this is a big help for them of course if they appreciate it. Let's hope you don't get your name in blacklist. Cheers
Whatamidoinghere - July 23, 2013 at 7:41am
Awarded?? Really?? He HACKED into Apple!! It affected thousands!! He said he had access to thousands!! Because he reported the bugs isn't the point! He HACKED A WORLDWIDE BUSINESS!!!