Viber is understandably trying to calm users about the security breach. In addition, I was told that the UDID displayed on the screenshot is not the device UDID, but instead an internal Viber ID number.
Additionally, we want to assure all of our users that we are reviewing all of our policies to make sure that no such incident is repeated in the future.” We take this incident very seriously and we are working right now to return the support site to full service for our users. Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system.
It is very important to emphasize that no sensitive user data was exposed and that Viber’s databases were not “hacked”. Information from one of these systems was posted on the defaced page. The phishing attack allowed access to two minor systems: a customer support panel and a support administration system. “Today the Viber Support site was defaced after a Viber employee unfortunately fell victim to an email phishing attack. There is currently no mention of the security issue on Viber’s Twitter or main website.Ī Viber spokesperson got in touch with me, and gave me the following statement: Warning: If you have “Viber” app installed we advise you to delete itĮarlier this year, Viber announced that it had over 200 million mobile users. The Syrian Electronic Army is very happy to put the boot in it seems, tweeting out: My guess is that the Syrian Electronic Army was able to trick a member of Viber’s staff into handing over their username and password (possibly via a phishing attack), and the hackers were then able to use this information to crowbar their way into Viber’s internal systems, with damaging results. This is obviously highly damaging to Viber. In addition, at the bottom of the defaced webpage, the hackers published the names, phone numbers and email addresses of Viber administrators. In the example posted by the Syrian Electronic Army, the phone numbers all have the internationally dialling code of 963 – the code for Syria. I’ve blurred out the information in the above screenshot, but the hackers made no such attempts to protect users’ privacy.
We weren’t able to hack all Viber systems, but most of it is designed for spying and trackingĮmbedded within the defaced webpage is a link to a screencapture of what appears to be an internal database by Viber employees showing users’ phone numbers, device UDID, country, IP address, operating system and version, first registration to Viber, and what version of Viber they are using. The Israeli-based “Viber” is spying and tracking you Part of the message on the defaced website reads: Clearly it can no longer be considered under the control of Viber itself.
0 kommentar(er)
