SEA hacks Viber messaging app, claims it's spying on users
The pro-Assad hacking group Syrian Electronic Army has followed up its apparent hack of the Tango messaging app (and the Daily Dot), with another purported hack, this time of Viber, another messaging system.
The group appears to have only hacked the support page (it remains offline), which it replaced with a statement saying, “Dear All Viber Users, The Israeli-based ‘Viber’ is spying and tracking you We weren’t able to hack all Viber systems, but most of it is designed for spying and tracking.”
London-based Viber has an R&D office in Israel.
In April we wrote about a possible vulnerability in Viber’s system that could allow a hacker to access the Android phones that carried the app. This does not seem to be related to the SEA’s accusations.
The screenshots released by the group served to illustrate how they had hacked Viber’s database. What they had hacked, said officials from the company quoted on TechCrunch, was Viber’s customer support system.
Among the information stolen were the phone numbers, IP addresses, device types, OS type and version, and registration dates of an undeclared number of users. Viber has about 200,000 users globally.
This attack, like other recent actions by the group, was a simple phishing expedition.
“Today the Viber Support site was defaced after a Viber employee unfortunately fell victim to an email phishing attack,” the company told 9to5Mac. “The phishing attack allowed access to two minor systems: a customer support panel and a support administration system.”
No sensitive user data was exposed, said the company and its databases were not hacked.
As for spying, “Viber, like many other companies such as Microsoft, Cisco, Google, and Intel maintains a development center in Israel,” according to the company. “It seems like this caused some people to come up with some pretty bizarre conspiracy theories.”