If you attempt to access iTunes Connect this morning, you’ll find that the site has been temporarily taken down. This is due to a number of reports flooding in from developers stating that when attempting to log in, they were being redirected to the wrong accounts.
Screenshots began to be shared on Twitter, as you can see from the examples below, with some of the accounts that were compromised having been developed by large companies and small, indie developers.
The following set of screenshots shows the different accounts that were accessed consecutively from the same user at 8:20 a.m., 8:40 a.m. and 8:46 a.m.
Having begun around 8 a.m. Pacific Time, users were being mismatched to other accounts and being shown other apps from completely different developers.
But while other developers’ apps were being displayed, attempting to take further action resulted in an “Unable to Process Request” error and a redirect to the proper account, according to MacRumors. Sales and payment information for the mismatched account did not seem to be accessible during this bug.
The error, however, allowed developers to see private email addresses and other details of people they were logged in as, presenting the issue as a major security concern. It’s unclear whether the login error allowed developers to actually make changes to others’ accounts.
Apple has yet to comment on the situation but it does not look good for the brand who just recovered from a major iCloud hack last year.
iTunes Connect is a hub for iOS and Mac software makers, allowing for the sale of developed apps on the iOS and Mac App Stores.