The Hacker News is reporting that communications app “Viber” has been hacked by the Syrian Electronic Army, a “pro-Assad hacker group”. In addition, their support webpage was defaced before the company took the page down. Support.Viber.com currently leads to a “403 Forbidden” page.
The webpage placed by the SEA stated:
It is unclear if the SEA is planning on using this information or if their sole intention was to expose the tracking information stored in Viber’s database. Each record in the database stores the UDID and IP address of each call, however, one may presume this information is stored for purposes other than tracking and spying on its own users (e.g. presenting the data to the proper law enforcement authorities upon request).
The Israeli-based “Viber” is spying and tracking you
We weren’t able to hack all Viber systems, but most of it is designed for spying and tracking
Screenshot of a hacked system: [screenshot]
We’ve asked Viber to comment about the scope of the hacking and defacing and will update this post if new information arises.
Update: Viber has responded to our request for comment:
Update 2: The maker’s of Viber’s customer service helpdesk software Kayako have responded to the situation as well, noting that it is an isolated situation and the email phishing was the vulnerability that allowed for the hacking.
It is very important to emphasize that no sensitive user data was exposed and that Viber’s databases were not “hacked”. Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system.
We take this incident very seriously and we are working right now to return the support site to full service for our users. Additionally, we want to assure all of our users that we are reviewing all of our policies to make sure that no such incident is repeated in the future.
Source: THN (warning: do not click on the Mirror of Hack link on that page, as Google Chrome suspects malware is embedded) Via: AppleSpot