Viber, a popular messaging app, has been hacked by the Syrian Electronic Army. The news comes just days after the same group of hackers accessed the database of the Tango messaging app.
The group defaced the support site support.viber.com and posted a message acknowledging that “We weren’t able to hack all Viber systems”. They also alleged the service was designed for spying and tracking; however, there is no evidence to suggest this and the screenshots posted only contain device information that would be necessary for messaging app to retain.
The hackers did say that “Some backups were downloaded successfully” but it’s unclear what or how much user information has been compromised.
Viber has since taken down it’s site and is presumably working to address the hack. They responded with the following message.
Today the Viber Support site was defaced after a Viber employee unfortunately fell victim to an email phishing attack. The phishing attack allowed access to two minor systems: a customer support panel and a support administration system. Information from one of these systems was posted on the defaced page.
It is very important to emphasize that no sensitive user data was exposed and that Viber’s databases were not “hacked”. Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system.
We take this incident very seriously and we are working right now to return the support site to full service for our users. Additionally, we want to assure all of our users that we are reviewing all of our policies to make sure that no such incident is repeated in the future.
Viber’s support software is powered by Kayako, which more than 30,000 companies use world wide. They have issued the following statement to iClarified and have assured us that this issue seems to be an isolated issue as no other customers have been affected.
The security of our customers’ helpdesks and data is our highest priority. As Viber said in their statement, this looks to be an isolated compromise of an individual’s account. Even so, we have taken the precautionary measure of auditing our systems. At this time we have no reason to believe that any other Kayako system or customer has been affected and we will continue to monitor the situation.