
Apple Developer Website Breached, Sensitive Information May Have Leaked

https://news.ycombinator.com/item?id=6080620
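Apple's developer website had been inaccessible for several days since last week, and the official explanation was maintenance. Because the outage lasted so long, veteran developers such as Marco Arment suspected that the site had probably suffered a security problem.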

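Sure enough, on Sunday Apple said in an email sent to developers that the developer website had been intruded upon last Thursday, and that registered developers' names, email addresses, and mailing addresses may have been leaked.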

The full text follows:
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.

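At one point the message says the information was encrypted and cannot be accessed, and at another it says Apple cannot rule out that some developers' personal information has been obtained, so someone on HN mocked it:
Hmm, got it: our intelligence, which should not have been insulted, has been insulted.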

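Others questioned that, although passwords should be encrypted, credit card information is often stored in plaintext, which would be no small matter. But some technical people pointed out that credit cards can be handled by passing a token through a billing gateway, with no need for plaintext.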

As for how serious this incident really is, it feels like Apple has not yet been transparent enough.