Syrian Electronic Army strikes again, this time at Viber

The Syrian Electronic Army, a group of computer hackers affiliated to the Syrian President Bashar al-Assad, is at it again , according to a report by AppleSpot . This time, the target is Viber, the free messaging and calling service. The company works out of London with development centres in Israel and a global user base of over 200 million subscribers.

Earlier this morning, the company confirmed that there was a situation. According to the statement, Viber appeared to have been hacked by a group, which left some of its content compromised. While the original report suggested that the hack affected the Viber support page , the degree of the breach was left unclear at the time, as was the amount of information that hackers were able to get from the Viber systems.

The company has now clarified that the hack was only able to gain access to two minor systems, namely a customer support panel and a support administration system. The official statement read: “No sensitive user data was exposed and Viber’s databases were not hacked.”

While Viber is tight-lipped about the source of the hack, the Syrian Electronic Army has taken credit for the attack. The company has gone on record, though, to state that the hack was caused by a phishing attack that was carried out against one of its employees. 

Screenshot of the Syrian Electronic Army’s hack on Viber’s systems (Image credit: TechCrunch)

According to the first report, Viber’s support page was taken down by the hack and replaced with a message that read: “Dear All Viber Users, the Israeli-based ‘Viber’ is spying and tracking you. We weren’t able to hack all Viber systems, but most of it is designed for spying and tracking.”

The hackers also attached a screenshot of the hack, which clearly showed personal information like phone numbers, a Viber-specific UDID, country, IP address, device type, OS type, OS version, registration date, the most recent update and the push token.

Viber played down fears, according to TechCrunch , by saying, “The data is quite basic – we want to know when user registered, where from (country), device type (helps us understand who uses Viber, detect problems, etc), UDID is an internal ID (not the Apple UDID), push token is used to communicate with users (but cannot be used by a 3rd party), etc. While this is not the most sensitive data (message content, address book, etc), we are disappointed that hackers were able to gain access to these systems. We are working, as we speak, to make sure that this will not happen again. The system that was breached is our CSR (Customer Support). Supporters need access to this data to help users with various technical issues. Most app developers would provide their supporters with similar data.”

In response to the message, the company responded, saying, “Viber, like many other companies such as Microsoft, Cisco, Google, and Intel maintain a development center in Israel. It seems like this caused some people to come up with some pretty bizarre conspiracy theories. It goes without saying, that these claims are completely without merit, and have no basis in reality whatsoever.”