Olivia
Online
Paul Sinclair
@ORIPIK1
🧑🏼💻 iOS / Android / Mobile Developer
📲 Mobile Development
🚀 Computer Science
🌟 Swift / SwiftUI
Joined March 2013
389 Following
1.3K Followers
1.5K Posts
Pinned Tweet
My Apple Developer account was hacked today.
Email changed. Phone numbers changed. Apps being transferred without my consent.
8 apps. My entire business at risk.
Has anyone dealt with this? How did you recover? @Apple @AppleSupport #BuildInPublic
Please RT 🙏
🤯
Yay! I was rewarded $15,000 bounty from Apple.
Account takeover via App Store 👀
#bugbounty #cybersecurity #pentesting
@juanjovn @CihadTurhan @alpennec @ChrisKruegerDev They take three days to review an update but an app transfer is instantly approved, okk igg….
@CihadTurhan @alpennec @ChrisKruegerDev @juanjovn They managed it in about 30 minutes, which was completely insane. I was surprised by how quickly it happened; I’ve never done an app transfer so I wasn’t familiar with the process. However, it’s absolutely true they did it in about 30 minutes…
@alpennec @CihadTurhan @ChrisKruegerDev @juanjovn During an Apple call on Saturday, the app was transferred in about 30 minutes. I can share a screenshot via DM since he accessed the account and removed all related emails.
@_appcartel @Apple @AppleSupport Still figuring it out, but session cookie hijacking is on the table. Steal a valid auth cookie, replay the session and 2FA becomes completely irrelevant. No password needed. 😕
My Apple Developer account was hacked today.
Email changed. Phone numbers changed. Apps being transferred without my consent.
8 apps. My entire business at risk.
Has anyone dealt with this? How did you recover? @Apple @AppleSupport #BuildInPublic
Please RT 🙏
mi apuesta es session cookie hijacking. alguien robó una auth cookie válida, replicó la sesión y el 2FA quedó completamente irrelevante. ni contraseña necesitó
también pinta que clonaron mi password vault, así que no es solo una cuenta
llevamos 48h en modo supervivencia, como la cuarentena pero en digital. revisando sesiones, rotando credenciales, cerrando accesos uno a uno
mañana lunes denuncia + soporte developer de apple. los fines de semana no hay línea telefónica así que aquí seguimos 💀
ni en las películas de miedo, terrible...
nope. used apple's official site only
but here's the thing: i got the SMS *before* changing my password. attacker already had access at that point
my bet? session cookie hijacking. steal a valid auth cookie, replay the session, 2FA is completely irrelevant. no credentials needed
maybe also cloned my password vault. still tracing the initial vector, possibly a malicious link clicked somewhere without realizing it 💀
@BenToFound @Apple @AppleSupport I have contacted Developer Support from a different account, waiting for their response. What's the best way to reach Apple Business Support directly?
Already called. 50 minutes on the phone, they remoted into my PC, and they guide me to literally try Forgot Password, I couldn't reset because the recovery number was changed by the attacker. Literally told me "we can't help you, contact Developer Support." Developer phone support doesn't work on weekends. Trust me the first thing was calling them.
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers