

iTunes Connect Issue Logging Developers into Other Accounts - sachalep
http://techcrunch.com/2015/01/29/itunes-connect-issue-logging-developers-into-other-accounts/

======
United857
It's interesting to compare Apple and Google. Talent-wise, Apple has always
been a "front-end" focused company, and they've now had several fiascos when
they've started to get into "back-end"/cloud stuff (this, iCloud privacy leak,
etc...)

In contrast, similarly Google had been a "back-end" focused company, and their
first few versions of Android were horrible and clunky compared to iOS (but
they've improved a lot).

------
eknkc
It's such a bad fuck up that it would justify someone pulling power cables
from all iTunes Connect servers to disable access.

------
charlesdm
That is one major (excuse my language) fuck up.

------
dham
Logged into another app. Then refreshed and got this.

    'use strict';
    define(function () {
      var itcApp = angular.module('itcApp', [
        'ngRoute', 'routeResolverServices', 'angularFileUpload',
        'global_services', 'global_directives', 'global_filters',
        'form_elements', 'ngCookies', 'angulartics',
        'angulartics.adobe.analytics', 'ngSanitize', 'pasvaz.bindonce'
      ]);
      itcApp.config([
        '$routeProvider', 'routeResolverProvider', '$controllerProvider',
        '$compileProvider', '$filterProvider', '$provide', '$httpProvider',
        '$locationProvider', '$cookiesProvider', '$analyticsProvider',
        '$sceDelegateProvider',
        function ($routeProvider, routeResolverProvider, $controllerProvider,
                  $compileProvider, $filterProvider, $provide, $httpProvider,
                  $locationProvider, $cookiesProvider, $analyticsProvider,
                  $sceDelegateProvider) {
          $routeProvider.when('/', {
            template: '<div></div>',
            controller: ['$window', function ($window) {
              $window.location.href = '/WebObjects/iTunesConnect.woa';
            }]
          }).otherwise({ redirectTo: '/' });
        }
      ]);
      return itcApp;
    });

So they load all of Angular then redirect to another page?

------
julien_c
What were the security implications for an entity that has applications there?

Anything we should check or change as soon as iTunes Connect is back up?

~~~
Aqua_Geek
Somebody mentioned that trying to perform actions on the apps would error out,
so it seems more like an information leakage issue.

That being said, when it comes back online I'm definitely going to go through
all my apps.

~~~
xuki
Check your users as well. Someone could have created an account.

------
crgt
It's back up but it's still broken. When I log in with account X, I see the
apps associated with account X. Within My Apps, and within Payments, I see the
apps associated with account X. BUT. When I tap Sales & Trends, I see data for
account Y. It's also one of mine, but it's associated with completely
different Apple IDs and user names. I am able to navigate back and forth
through the different sections of iTC and get a bizarro merger of the two
accounts. The Sales & Trends section seems to be powered by
https://reportingitc2.apple.com/? and
that's when I end up on an incorrect account. Scary.

------
mik3y
Saw it firsthand, it was like account roulette for about 5-10 minutes. Then
someone hit the big red button around 11:50a eastern.

Smells like something messed up in their session or caching layers..

------
fnayr
Probably has to do with them trying to finally release the analytics they were
supposed to release in Fall 2014.

------
stevebot
God damn, and posting the images to Twitter.

