Paul Sinclair 

My Apple Developer account was hacked today. Email changed. Phone numbers changed. Apps being transferred without my consent. 8 apps. My entire business at risk. Has anyone dealt with this? How did you recover? @Apple @AppleSupport #BuildInPublic Please RT 🙏

🤯

@juanjovn @CihadTurhan @alpennec @ChrisKruegerDev They take three days to review an update but an app transfer is instantly approved, okk igg….

@ORIPIK1 @CihadTurhan @alpennec @ChrisKruegerDev I transferred two apps and it was surprisingly quite fast. Within an hour both and the process was pretty straightforward.

How this can even technically happen? Please you all guys, review and double check all your security settings.

@CihadTurhan @alpennec @ChrisKruegerDev @juanjovn They managed it in about 30 minutes, which was completely insane. I was surprised by how quickly it happened; I’ve never done an app transfer so I wasn’t familiar with the process. However, it’s absolutely true they did it in about 30 minutes…

@alpennec @ChrisKruegerDev @juanjovn Ok it took 3 days. There is a human review.

@alpennec @CihadTurhan @ChrisKruegerDev @juanjovn During an Apple call on Saturday, the app was transferred in about 30 minutes. I can share a screenshot via DM since he accessed the account and removed all related emails.

@CihadTurhan @ChrisKruegerDev @juanjovn Thank you for sharing! This is strange then. @ORIPIK1 you haven’t received any email that would have warned you about the app transfer request?

@_appcartel @Apple @AppleSupport Still figuring it out, but session cookie hijacking is on the table. Steal a valid auth cookie, replay the session and 2FA becomes completely irrelevant. No password needed. 😕

@ORIPIK1 @Apple @AppleSupport How did they gain access without 2FA?

My Apple Developer account was hacked today. Email changed. Phone numbers changed. Apps being transferred without my consent. 8 apps. My entire business at risk. Has anyone dealt with this? How did you recover? @Apple @AppleSupport #BuildInPublic Please RT 🙏

@offscriptcheryl @anumness @Apple @AppleSupport Sure!!

@ORIPIK1 @anumness @Apple @AppleSupport Omg this is scary. Please keep us posted on the resolution here.

@alpennec @juanjovn Thank you so much Axel! It really means a lot to me. You have no idea how much I appreciate it. Tomorrow starts my first day, report + apple developer support💪

@juanjovn I'm really sorry for @ORIPIK1. I've shared the story with a friend at Apple, we'll see!

Anyone can give a hand with this? It’s just insane and scary af 😰

@_artcc_ @juanjovn btw no descarto que haya sido openclaw. si pulsa un enlace malicioso sin darte cuenta, te roba la cookie y game over

mi apuesta es session cookie hijacking. alguien robó una auth cookie válida, replicó la sesión y el 2FA quedó completamente irrelevante. ni contraseña necesitó también pinta que clonaron mi password vault, así que no es solo una cuenta llevamos 48h en modo supervivencia, como la cuarentena pero en digital. revisando sesiones, rotando credenciales, cerrando accesos uno a uno mañana lunes denuncia + soporte developer de apple. los fines de semana no hay línea telefónica así que aquí seguimos 💀 ni en las películas de miedo, terrible...

nope. used apple's official site only but here's the thing: i got the SMS *before* changing my password. attacker already had access at that point my bet? session cookie hijacking. steal a valid auth cookie, replay the session, 2FA is completely irrelevant. no credentials needed maybe also cloned my password vault. still tracing the initial vector, possibly a malicious link clicked somewhere without realizing it 💀

@ORIPIK1 @Apple @AppleSupport Did you get a link with your 2FA code? Did you use the link to change your password?

@bil0090 @anumness @Apple @AppleSupport Thank you sou much 🤍

Prob the root cause was a suspicious link you opened on your work laptop that stole all your cookies Happened to me once with this X account Thankfully X support helped immediately I know the feeling you have, its terrifying Just calm down everything is hopefully gonna be solved GL 🫡

@twannl @Apple @AppleSupport Thank you so much Antoine ❤️ Let’s see how it develops.

@ORIPIK1 @Apple @AppleSupport I got a confirmation it’s flagged internally at Apple via my contacts. Can’t do more from this point, truly hope it helps 🙏🏻

@AlgoCloudz @Apple @AppleSupport Yes, MFA enabled.

@ORIPIK1 @Apple @AppleSupport SMS 2FA code?

@MikeKhristo @filippkowalski @Apple @AppleSupport 🥷

@ORIPIK1 @filippkowalski @Apple @AppleSupport Now they’re coming for me

@BenToFound @Apple @AppleSupport I have contacted Developer Support from a different account, waiting for their response. What's the best way to reach Apple Business Support directly?

@ORIPIK1 @Apple @AppleSupport This is genuinely terrifying. 8 apps is your whole livelihood. Have you tried escalating through Apple business support rather than consumer? Sometimes getting through to the developer relations team directly moves faster. Hope you get it sorted quickly.

@twannl @Apple @AppleSupport It means a lot, truly appreciate it. I'll keep you all updated. 🤍

@ORIPIK1 @Apple @AppleSupport That’s exactly why I think we need to take this serious. DM sent to Apple, I’ll keep you posted

@sikorskymark @ruchernchong @Apple @AppleSupport Also, I emailed them from a different account.

Already called. 50 minutes on the phone, they remoted into my PC, and they guide me to literally try Forgot Password, I couldn't reset because the recovery number was changed by the attacker. Literally told me "we can't help you, contact Developer Support." Developer phone support doesn't work on weekends. Trust me the first thing was calling them.

@hey_hulya @Apple @AppleSupport I did, but i guess i have not been fast enough :(

@ORIPIK1 @Apple @AppleSupport Two days ago, I got a notification that someone tried to login to my account. I changed the password asap, but i don't know what happened exactly.

@nc_coffee_guy @Apple @AppleSupport Sure, i'll update as soon i have news from Developer Support.

@ORIPIK1 @Apple @AppleSupport This is the literal definition of a nightmare. Sorry you are dealing with this. Please share the outcome.