In a rather embarrassing screw up, some developers are receiving report emails from Search Ads Basics featuring details for apps that aren’t theirs. This includes information that is usually confidential such as number of installs from the ad campaign as well as how much was spent.
There doesn’t seem to be any kind of systemic Apple ID hack; it just looks like a buggy email daemon is sending out the wrong information to different people.
In the past, iTunes Connect bugs have allowed developers to sign in to other people’s accounts. This issue does not seem as severe although it still poses a small security risk and obviously reveals sensitive business information for app reports that are being sent to the wrong recipients.
The errant emails send out summaries of Search Ads Basic performance for January, such as CPI, app downloads and total spend for the month. For those affected, it is not possible to gain access to the originating account so most critical information remains confidential.
I received a January report today for my own apps but my email was accurate, so it isn’t affecting everyone, but by no means is it an isolated case. Here’s just some of the tweets from developers saying they received information intended for someone else’s eyes: