Viber Support Defaced By Syrian Electronic Army for “Spying and Tracking” Users

The hacking saga began this week with Tango and now Viber has joined the ranks of those websites and services compromised by the Syrian Electronic Army, alongside the Twitter accounts of various news outlets.

Earlier today, The Hacker News reported that Viber’s support subdomain had been defaced with a “Hacked by Syrian Electronic Army” banner and an apparent screenshot of a device database.

“Dear All Viber Users [sic], the Israeli-based ‘Viber’ is spying and tracking you,” reads a message at the top. “We weren’t able to hack all Viber systems, but most of it is designed for spying and tracking.”

Since then, the page has been taken down by Viber, who confirmed the attack:

“Today the Viber Support site was defaced after a Viber employee unfortunately fell victim to an email phishing attack. The phishing attack allowed access to two minor systems: a customer support panel and a support administration system. Information from one of these systems was posted on the defaced page.

No sensitive user data was exposed and Viber’s databases were not “hacked”.

It is very important to emphasize that no sensitive user data was exposed and that Viber’s databases were not “hacked”. Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system.

We take this incident very seriously and we are working right now to return the support site to full service for our users. Additionally, we want to assure all of our users that we are reviewing all of our policies to make sure that no such incident is repeated in the future.”

It’s not yet clear how much information was gathered from Viber’s 200 million plus users, nor if it was as large an information gather as Tango, which had 1.5TB worth of user information compromised, information that the Syrian Electronic Army vowed to hand over to the Syrian government.

The information accessed was very basic according to Viber

The screenshot posted on Viber’s site today shows a list of phone numbers with accompanying device IDs, IP addresses, operating system and which version of Viber was used. Viber has reported that the information accessed was quite basic, however:

The data is quite basic – we want to know when user registered, where from (country), device type (helps us understand who uses Viber, detect problems, etc), UDID is an internal ID (not the Apple UDID), push token is used to communicate with users (but cannot be used by a 3rd party), etc. While this is not the most sensitive data (message content, address book, etc), we are disappointed that hackers were able to gain access to these systems. We are working, as we speak, to make sure that this will not happen again.

The system that was breached is our CSR (Customer Support). Supporters need access to this data to help users with various technical issues. Most app developers would provide their supporters with similar data.

We’ll update this story as more information comes available.

  • Edward Not From Twilight

    Well after PRISM, I wouldn’t be surprised if Viber was spying on its users. I just don’t trust “official” stories anymore.

  • Yazzie

    None of our messaging apps are as safe as we thought. I wonder how long it will take for WhatsApp to be hacked.

    • TomHanksStuntDouble

      If you ever thought these apps were 100% safe, you probably shouldn’t be using them. Just saying.

  • iFan

    Scary world keeps getting scarrier

  • icantseemytoes

    Viber hacked? Tango hacked? Nimbuzz hacked in your “You May Also Like” section above? :O

  • http://www.viber.com/ Viber

    Hi,
    I’m an official representative from Viber.

    As explained in the article, no sensitive user data was exposed and that Viber’s
    databases were not “hacked”. Sensitive, private user information is
    kept in a secure system that cannot be accessed through this type of attack and
    is not part of our support system.

    We are reviewing all of our policies to make sure that no such incident is
    repeated in the future.

    If you have any more questions/doubts, please feel free to let us know :)

    Thanks,

    The Viber Team

    • http://www.trutower.com/author/josh_nay/ Josh Robert Nay

      Thanks for the clarification! :) I’ve also updated the article title.

  • Armando Dias

    does viber store conversations? if yes for how long?

    • http://www.viber.com/ Viber

      Viber does not store conversations – neither calls nor text messages.