iPhoneDevSDK Site Hack Led To The Apple and Facebook Attacks


Yesterday, we reported that a site called iPhoneDevSDK was responsible for infecting Apple and Facebook employees' computers, which led to the companies' networks being infiltrated by hackers. Now, iPhoneDevSDK owner Ian Sefferman has shared some information in a blog post about how the Apple and Facebook employees' computers were compromised, and what the site is doing to fix the problem and vulnerability.

What we’ve learned is that it appears a single administrator account was compromised. The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain users’ computers.

We’re still trying to determine the exploit’s exact timeline and details, but it appears as though it was ended (by the hacker) on January 30, 2013.

As with Facebook, it’s important to stress that we have no reason to believe user data was compromised.

For your own computer’s safety, we do not recommend visiting the iPhoneDevSDK site at this time.

We will continue to monitor this story and will update you with any new information.