Earlier this morning, Viber confirmed reports that it was hacked by the Syrian Electronic Army, an outfit that is pro-Syrian government, backed by President Bashar al-Assad. This is the second time the SEA has hacked into a mobile App in the last 4 days.
Viber is a VoIP mobile app that lets its users connect, send texts, images, videos and also talk over the internet. In a statement, Viber officials clarified that only their support website was affected, and they were “minor” damages. The website was defaced when an employee fell victim to an email phishing attack that accessed the Viber customer support panel and a support administration system. Officials have affirmed that no sensitive or private user-information was compromised. This data is kept in a secure system which is not a part of the support system, and that they cannot by hacked in this manner, they said.
As is their modus operandi the SEA owned up to the hack via Twitter, they appeared to have defaced the support website and further claimed that Viber was being used for spying and tracking.
Viber clearly denied any such allegations and responded by saying that it has its development centre at Israel just like several other companies (Microsoft, Cisco, Google, etc.) and that this was not reason enough to make allegations or “bizarre conspiracy theories”. They have out rightly denied these claims and pronounced them completely without merit.
Reports say that the SEA was able to access websites if they are running on an outdated version of WordPress(web publishing tool). This was a vulnerability that the SEA exploited in its previous attacks – Truecaller and the Tango website (a mobile messaging app). However much is left to be known on how they target and hack into systems.
We will be updating the story as and when we get more information.