Apple’s developer site is still down following a very public hacking attack by Ibrahim Balic last week, in which he downloaded over 100,000 developers’ private contact information. But Balic finally has what he wanted all along: recognition from Apple for his efforts.
Balic said he found 13 bugs in Apple software and only penetrated the company’s developer website as a proof of concept to show Apple how vulnerable it was after Apple failed to respond to his initial bug reports.
Now, Balic says he’s happy to finally have gotten a response from Apple — and he seems to want to lay the matter to rest:
Apple’s response looks fairly automated, and barely qualifies as a response. It simply notes that a security analyst has reviewed Balic’s bug reports and that Apple is investigating the issues. Interestingly, the message is dated July 22, despite the fact that Apple took the site down last week and informed developers on Sunday, July 21.
I would expect some more substantive response from Apple, likely when the company brings its developer website back up. Hopefully for Balic that response will not come in the form of a legal charge, but it would not be unlike Apple to pursue the hacking and theft of personal data in a court of law, even in Balic’s native Turkey.
Typically, Apple — and all companies — prefer to settle security and privacy matters quietly, without public scrutiny. Security researchers, however, often find they can’t get companies’ attention without going public.
At least this email is some sort of confirmation that Balic provided Apple a level of public service by disclosing the vulnerabilities.
Which brings up the real question:
What kind of hacker uses Outlook as his email client?