Pro-Assad hackers strike messaging app Viber

The Syrian Electronic Army, a hacktivist group supportive of the country’s president Bashar al-Assad, breached two “minor systems,” according to company officials and the group’s online declarations.

The intruders accessed phone numbers, UDIDs (a Viber-specific UDID, not the one Apple provides), country, IP address, device type, OS OS type, OS version, registration date, most recent update, and push token.

The systems hit were a customer support panel and a support administration system. The company’s official response states: “No sensitive user data was exposed and Viber’s databases were not ‘hacked’.”

The belief is that penetration was made possible through a malicious “phishing” email that infected an employee’s machine when the employee opened an innocuous-looking attachment or clicked on a link.

 “Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system,” company officials stated.

The culprits replaced the Viber support page with the following message and a screenshot of the hack, as proof of their work: “Dear All Viber Users,

The Israeli-based “Viber” is spying and tracking you

We weren’t able to hack all Viber systems, but most of it is designed for spying and tracking”

Viber is a free messaging and calling service based out of London, with development centers in Israel, with over 200 million users globally.