Security researcher Ibrahim Balic has come forward and claimed responsibility for this weekend’s Apple developer website exploit.
Apple notified developers yesterday that hackers had forced their way in to the Apple developer portal. It was believed that the hackers did not have access to any sensitive material such as source code for applications, but that mailing addresses, names, and email addresses had been compromised. In a comment on TechCrunch Ibrahim Balic claimed that it was in fact he who had gained access to this data:
In total I have found 13 bugs and have reported through http://bugreport.apple.com. The bugs are all reported one by one and Apple was informed. I gave details to Apple as much as I can and I’ve also added screenshots.
One of those bugs have provided me access to users details etc. I immediately reported this to Apple. I have taken 73 users details (all apple inc workers only) and prove them as an example.
White hat hackers do tend to operate like this: they hack in to systems, and then notify the company of exploitable holes in the security system. It’s a grey area of the law, though many would argue that he was doing it in good faith.