Related Links

Related Stories

Top 5 Stories


iOS and Android VoIP Service Viber Hacked by Syrian Electronic Army

24 July 2013

The pro-Assad hacking group Syrian Electronic Army (SEA) yesterday defaced the Viber subdomain and pasted a screenshot of user information supposedly taken from a breached database.

The defacement, now removed and replaced by a 403 Forbidden notice, said, "The Israeli-based 'Viber' is spying and tracking you. We weren't able to hack all Viber systems, but most of it is designed for spying and tracking." The inclusion of a screenshot containing user information is designed to confirm the accusation.

Meanwhile, SEA also posted a tweet saying, "Warning: If you have 'Viber' app installed we advise you to delete it." A link pointed to the defaced page.

Viber has since issued a statement explaining the breach and suggesting the hack was not as serious as SEA has indicated. The breach occurred "after a Viber employee unfortunately fell victim to an email phishing attack. The phishing attack allowed access to two minor systems: a customer support panel and a support administration system. Information from one of these systems was posted on the defaced page."

Viber goes on to stress that no sensitive user data was compromised and the data held in the hacked support system is just basic user data of the type needed to provide support. But Viber does not dismiss the incident. "We take this incident very seriously and we are working right now to return the support site to full service for our users. Additionally, we want to assure all of our users that we are reviewing all of our policies to make sure that no such incident is repeated in the future."

From the information so far available there is nothing to support SEA's claim that Viber tracks its users and stores the type of data that intelligence agencies would like to access. It may be that SEA's motive with the claim and subsequent Twitter warning that users should delete the app is simply to do as much damage to Viber as possible. The ball is now in SEA's court to provide more proof than it has so far.

This article is featured in:
Data Loss  •  Internet and Network Security  •  Wireless and Mobile Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×