Several accounts showed Russian contact info

Sep 7, 2017 09:48 GMT  ·  By

Apple’s developer portal suffered an unexpected anomaly today when several of its accounts (with some sources claiming all) being updated with home address information pointing to a location in Russia.

Given the several months-long debates regarding possible cyberattacks launched by Russian hackers against a number of targets in the United States, it was believed that Apple suffered a breach.

But in a statement released after the information was restored, Apple explains that it was all caused by a bug in its own systems, and no hack attack was actually experienced.

“Due to a bug in our account management application, your address information was temporarily displayed incorrectly in your account details on the Apple Developer website,” the company said.

“The same incorrect address was displayed to all affected developers. The underlying code-level bug was quickly resolved and your address information now shows correctly. There was no security breach and at no time were the Apple Developer website, applications, or services compromised; nor were any of your Apple Developer membership details accessed by, shared with, or displayed to anyone.”

Signs of a breach

Oddly enough, part of the blunder looked a lot like a hack. For example, some users had their accounts’ addresses changed to “bul. Novatorov, Saint-Petesburg, Leningrad, 198216, Russian Federation.” The “Saint-Petesburg” spelling error was quickly noticed by many and caused even more concerns, as the bad English is something that typically reveals scams and cyberattacks.

Apple hasn’t provided any specifics as to how many accounts had their home addresses changed to the location in Russia, but at the time of publishing this article, everything appears to be running normally, with the bug already fix entirely.

The last time when Apple’s developer website was breached by hackers was in 2013 when names, mailing addresses and email addresses were exposed. Apple said at that time that personal information was encrypted and secured, though the website was taken down for maintenance for several days.