The hacker who recently accessed encrypted data from Apple’s developer center website claims he found and reported 13 bugs to the company, but that he has no intention of accessing or using the encrypted user data. He claims he obtained the data while trying to see “how deep” he could go. It was Ibrahim Balic, who identified himself as a “security researcher” who attempted to point out serious issues to Apple about its Dev Center website. His comments were made in response to an admission by Apple on Sunday that its developer website was hacked.
In the security breach, sensitive personal information included on the registered developer’s website was encrypted and Apple believed that the information could not be accessed. Balic suggested that he has been able to obtain some user details as evidence to Apple of an apparent security flaw. According to Balic, he found a total of 13 bugs on Apple’s site, one of which gave him access to user information. He claims to have taken 73 user details, all of whom were Apple employees, and given them to the company as an example.
Roughly four hours after Balic gave the user data to Apple, the company shut down its Dev Center website. The outage began last Thursday and has remained in place since then, while Apple has worked “around the clock” in an effort to patch the apparent security issues. The public comments Balic made were apparently made in an effort to clear his name as he said he’s “not feeling very happy” about how the situation has been portrayed and also expresses his concern about potential legal action against him. He wrote the following as part of his comment:
I did not done this research to harm or damage. I didn't attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the datas for the porpoise (sic) of seeing how deep I can go within this scope.
I will be deleting all the datas I have, only got these datas to see just how deep I can go. Also have informed Apple before taking these datas.