Tag: viber hacked

Viber: hacked by the Syrian Electronic Army, Again!

Published on by Elie ChahineLeave a comment

Internet companies beware, hackers are out in full force this month. In the past two weeks, we’ve seen Apple’s Dev Center hacked, several Instagram accounts hacked, and the popular voice and messaging service Viber attacked.

Viber claims, though, that the damage it suffered from its breach was minimal, saying the attacker only gained access to two minor support systems. But a quick glance at its App Store description suggests that wasn’t the case…

Earlier this evening, 9to5Mac pointed to the App Store description of Viber’s popular iOS app, which had clearly been defaced. The attackers replaced the text with “We created this app to spy on you, PLEASE DOWNLOAD IT!”

The site was able to grab a screenshot before the description was restored:

From a distance, it looks like this could be related to Apple’s Dev Center attack, but it’s not likely. 9to5Mac’s Mark Gurman suggests the hackers could have gained access to Viber’s iTunes Connect account using a phishing scam.

From the company’s initial statement on the hack:

“Today the Viber Support site was defaced after a Viber employee unfortunately fell victim to an email phishing attack. The phishing attack allowed access to two minor systems: a customer support panel and a support administration system. Information from one of these systems was posted on the defaced page.

It is very important to emphasize that no sensitive user data was exposed and that Viber’s databases were not “hacked”. Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system.

But my problem here is that Viber hasn’t been very transparent about the attack. Sure, they claim that there was no sensitive user data exposed. But they also said the hack was limited to two minor systems, which it obviously wasn’t.

As a long-time user, I think the company has some more explaining to do.

Viber was initially hacked on Tuesday, July 23rd, by the Syrian Electronic Army. The group claims the Israeli-based firm, which hosts 200 million users worldwide, is “spying and tracking” its users, and says folks should stay away.