The Syrian Electronic Army (SEA) has taken responsibility for hacking Viber’s website and database. The Hacker News first reported on the defacing of Viber’s site with the Syrian Electronic Army banner. The SEA then posted the tweet below.
Warning: If you have "Viber" app installed we advise you to delete it, more details on: http://t.co/F5eKHPRu51 #SEA #SyrianElectronicArmy
— SyrianElectronicArmy (@Official_SEA12) July 23, 2013
The hackers gained access to email addresses, phone numbers, and other information of Viber’s employees and users. The group’s attacks have been becoming more frequent, with hacks on the Associated Press, The Guardian, BBC, and Al Jazeera. Even Tango, the chat platform, was recently hacked by the SEA.
The reason for the hack is because the SEA believes Viber is used for spying but the motive goes further than that. The SEA explicitly calls Viber an “Israeli-based” application, indicating the hack could be due to tensions between Syria and Israel.
Information stolen from Viber seems to be basic information like IP address, operating system info, phone numbers and Viber software versions. Based on the screenshot posted by the SEA, the stolen information doesn’t seem to be too sensitive.
Viber has reached out to 9to5Mac to acknowledge the hack. “It is very important to emphasize that no sensitive user data was exposed and that Viber’s databases were not ‘hacked.’ Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system,” writes Viber.
The attack seems to have been carried out due to a basic phishing scam, which tricked one Viber employee into clicking. This then gave the “hacker” access to Viber’s customer support panel and the support administration system.