Viber App Hacked By Syrian Electronic Army

Posted July 23, 2013 at 6:19pm by iClarified | Please help us and submit a translation by clicking here | 17593 views

Viber, a popular messaging app, has been hacked by the Syrian Electronic Army. The news comes just days after the same group of hackers accessed the database of the Tango messaging app.

The group defaced the support site and posted a message acknowledging that "We weren't able to hack all Viber systems". They also alleged the service was designed for spying and tracking; however, there is no evidence to suggest this and the screenshots posted only contain device information that would be necessary for messaging app to retain.

The hackers did say that "Some backups were downloaded successfully" but it's unclear what or how much user information has been compromised.

Viber has since taken down it's site and is presumably working to address the hack. They responded with the following message.

Today the Viber Support site was defaced after a Viber employee unfortunately fell victim to an email phishing attack. The phishing attack allowed access to two minor systems: a customer support panel and a support administration system. Information from one of these systems was posted on the defaced page.

It is very important to emphasize that no sensitive user data was exposed and that Viber’s databases were not “hacked”. Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system.

We take this incident very seriously and we are working right now to return the support site to full service for our users. Additionally, we want to assure all of our users that we are reviewing all of our policies to make sure that no such incident is repeated in the future.

Viber's support software is powered by Kayako, which more than 30,000 companies use world wide. They have issued the following statement to iClarified and have assured us that this issue seems to be an isolated issue as no other customers have been affected.

The security of our customers' helpdesks and data is our highest priority. As Viber said in their statement, this looks to be an isolated compromise of an individual's account. Even so, we have taken the precautionary measure of auditing our systems. At this time we have no reason to believe that any other Kayako system or customer has been affected and we will continue to monitor the situation.

Read More [via]

Add Comment
Marcus1571 - July 25, 2013 at 9:26am
Let me get this straight. Other than these SEA folks being super pissed off at anything even remotely Israeli for ramified cultural reasons (let's diplomatically leave it at that), what exactly do you hope to discover by hacking a support database in a website??? The full list of its users? The whiny requests for help posted over the months? Maybe the users' emails and even more maybe the phone numbers? Because you sure as hell not going to find our messages, both parties involved here confirmed they are kept in an isolated subsystem. So these SEA, go in (FACT), steal all they can about this helpdesk database/forum (FACT), including the emails and phonenbers of the admins (FACT and if I may: uuuuuhhhh big deal!!!): and all this in "yulia" and apparently (word of the day!) only yulia's mind is proof that Viber is: 1. Stealing 2. Conspiring or already selling info to nobody knows who 3. Spying Seriously: explain to me how?! How can anybody spy on my phone or email just by magically knowing them (other than the email company, phone company or NSA). They just have "a name" (like I give my real one in any forum!) an email (again, forum created email for me) and my phone number. And that's it! I put this info in that support forum (hypothetically speaking), as I do in tens of other forums. So all this still doesn't explain squat, other than empiric proof of the banal blind hatred these SEA have for Israel. All we know is that these info are now in the hands of these SEA folks and I personally don't trust them with even half my email. Have we all switched off our brains here? Are we really at the point where the moment we read that a snotty hacker have passed a firewall we stop thinking and start fabricating dreamy scenarios of digital heroes fighting a necessary evil beacuse bigger Goliath (if I may borrow from the Bible)? WhatsApp, Fring, Viber, Skype, Tango, Dropbox, ...: all started as startup created by starry eyed adventurous young people that decided they had the ideas and the guts to challenge the behemoths of the current industry. So it was for Apple vs IBM, a garage full of three kids vs the biggest electronic company at that time. These company provide a tremendous service at little or no cost, pushing down the cost of that service and kicking in the nuts the "until then" monopolist behemoth and forcing it to lower the prices or lose. All this benefit the poorest users and damages the top of the hill fat cat! It's called FREE MARKET! Read something by Thomas Sowell and start dreaming for the real underdogs.
No - July 25, 2013 at 11:29am
I own an email , but do you know who am I ? No . Now I have an email simcard ( wich can reveal my identity because when I was buying it , I had to authenticate my identity ) , now you know who I am. And more things if you think more ...
Marcus1571 - July 25, 2013 at 11:57am
I'll bite. So, if your identity is "physically" in your SIM card then knowing the phone number won't reveal it. If instead your "certified" identity is store in the phone company database that issued the SIM card then you need to hack that database in that phone company. Knowing your phone number through word of mouth or because you see it sitting in the Viber helpdesk database won't bring anyone close to your identity. Unless you registered at the forum with your real name and that phone number but then at that point you had to know that anyone reading your post could havr made that connection. No offense whatsoever but I am still under the impression that "we're trying to frying with water" here (Italian saying).
No - July 25, 2013 at 1:19pm
Unless they store these informations and send it to somebody who can use it . Who can get your identity by knowing your phone number . When you want to spy you shouldn't miss even a bit of data , and it needs lots of cooperations . these informations can help in some cases that your identity is not completely recognized and they only guess it . So spying possibility is NOT IMPOSSIBLE .
Marcus1571 - July 25, 2013 at 1:55pm
Sure, but the question remains: How exactly is that some hackers enter a (.....get ready.....) database, of a helpdesk forum, get some username and other data you create an account with from the database, post some, keep the rest and (and this is the incredible part) claim that Viber is "stealing" info and "spying" on all of us. All I know is that there was this database, with all the users of the forum, no surprise, it is like claiming that a book has pages, and that the SEA "stole" and "spied" on Viber. And ALLLLLLLLLLLLLL this huge numbers of walking dead hipster is now listening to the only one who did the stealing and the spying and agreeing with it. I'm all pissed off with the NSA thing, but this is gianormously pathetic! Come on!!!
No - July 25, 2013 at 5:27pm
As Viber said : Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack. So there are private informations and SEA got access to some of them . The question is why ? To show they're power off or to say that viber is not safe or other things. The other question is HOW ? The Viber employee might be they're assistant. He got the email , they hacked the forum , he sent them some datas . I didn't say that the group who calls itself SEA got datas by hacking the database . I said that spying theory is possible and maybe they found it out and hacked the forum . That's it .(also I'm always READY)
Marcus1571 - July 26, 2013 at 10:50am
If you have access to a forum, a helpdesk, and its user list you have access to sensitive information. There you have the emails, the names (provided they are real), the passwords. The passwords are tricky and I say this because typically a non techsavvy person is likely to use the same password for everything, so if I use my email on a forum and then I use "a" password there are a lot of cases in which that password is the same for both. Should we call this average user stupid? Probably so. But this is true for every forum of the planet. People shouldn't be using the same password for forums and emails as well as they shouldn't write the PIN code on their credit card or the address on their house keys. Again, all this incident proves so far is that some hackers got accessed to data from this forum. And at this point there is nothing suspicious in that data being in the forum database to begin with while it is worrying that these probably ruthless individuals now have all these passwords and emails to match and see what is coming out of it. See, it all starts with them committing a crime and stealing sensitive private data. So if we stop here they are the villain (SEA). But then they claim to have done so for selfless righteous reasons because (and they provide no proof, no evidence of this) this Viber company steals data and spies on people. So now to the eyes of the hipster they are the glorious hero while Viber is the hideous villain. Well I say: Mmmmmmm! If you can say that of Viber's helpdesk then you can say that of every single forum and helpdesk on the Internet. Bottomline, they wanted to reverse Viber like a glove, inside-out. All the managed to achieve was to penetrate the forum and launch accusations that are ridiculous. Viber is in Israel, not in the USA, they don't even bend to NSA whimsical rules. So until someone shows me evidence these SEA are scammers and way too many people with too much time to spend on the web are fools. Please, do not take this message as an attack to your opinion. I'm just stating my idea. We disagree on at least half of this argument. We can agree to see if this story evolved in one direction or the other and then I'll offer you a symbolic beer or you'll offer me!
Viber - July 24, 2013 at 11:36am
Hi, I'm an official representative from Viber. As explained in the article, no sensitive user data was exposed and that Viber's databases were not "hacked". Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system. We are reviewing all of our policies to make sure that no such incident is repeated in the future. If you have any more questions/doubts, please feel free to let us know. :) Thanks, The Viber Team.
BA - July 24, 2013 at 5:56am
The Israelis get in trouble again.... Here's the problem since people want to buy the information and spying is done by every one , its a 'me too' atmosphere and we all know they wanna make $
nabil - July 23, 2013 at 11:48pm
i have a naturel aversion to this app.... maybe the logo ?...maybe.
Ahmad Sahin - July 23, 2013 at 10:07pm
hey yulia drop the conspiracy theories ok? get out of the web and go to afghanistan live in a cave.
yulia - July 24, 2013 at 12:45am
So you're a supporter of Yahoodi's who kill thousands of children and are stealing peoples information without their permission? Mashallah brother I hope they send a drone to blow you up next. It's not that they are jews but stealing private information and spying! Kind of like the USA'S NSA!
JeffN - July 24, 2013 at 7:33pm
You're an idiot. If you are looking for child murderers look no further than Hamas. The intentionally launch rockets into Israel from schools and Mosques so that when Israel takes out the launch sites they kill civilians. They use their own people as human shields because they have no value for human life.
9 More Comments
Follow iClarified