Hackers deface Viber in iOS App Store, release staff passwords

Last week, the big news was that Viber's support systems were apparently hacked by the Syrian Electronic Army, and an internal database accessed.

But it doesn't appear that hackers were prepared to leave it at that, as you can see from Viber's description in the iOS App Store:

"We created this app to spy on you, PLEASE DOWNLOAD IT!"

Viber description in the App Store

At the time of writing, the Syrian Electronic Army does not appear to claimed credit for this attack against Viber, but it would be no surprise if they are responsible.

After all, just a day ago they published what they claimed were the passwords for two senior members of Viber's staff:

Passwords of Viber's staff

It's important to note that there is no suggestion that the hackers changed the actual Viber app itself, but rather altered part of the App Store's description for the popular messaging app. In short, this is little more than graffiti - albeit graffiti which damages a company's brand.

Presumably this defacement was the result of careless password reuse by Viber. As I've described many times before you should never use the same password on multiple websites.

If you do make the mistake of reusing passwords, you are running the risk of having your password compromised in one place (perhaps via a phishing attack or key logger) and then hackers using it to unlock your other online accounts.

If you find passwords a burden - simply use password management software like Bitwarden, 1Password, and KeePass to make them both safer and easier to remember.

Update: Viber has been in touch, with an official statement on the incident. They have placed the blame partially on the way Apple handles connections to the iTunes Connect accounts used by developers to update entries in the App Store.

Here is what Viber has to say:

A few days ago a "hacker" was able to gain access to a couple of Viber.com email accounts via a phishing attack. This has since been fixed.

Data they recovered allowed them to deface our support site and also gain access to our iTunes Connect account (App Store) at a level that allowed them to change the description text of our app - which they did a few days ago around the same time as the original defacement. We noticed this within minutes, fixed the metadata and removed this user (in fact, all users but one) from our iTunes Connect account.

Unfortunately, on Saturday this happened again. Upon further investigation we realized this is a security issue in iTunes Connect. It seems that when you remove a user, if the user is logged in, then the user stays logged in. We hope Apple fixes this issue soon, as currently we have no way to permanently disconnect this user from our iTunes Connect. We have reached out to Apple regarding this issue and are waiting on their response.

At this point, we want to reassure users, that this has no impact on the security of the Viber App, Viber System, our databases, user information, etc. It's merely an unfortunate nuisance."

Tags: , , , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , , , ,

4 Responses

  1. ilan

    July 29, 2013 at 1:36 am #

    serves viber right, just because they used to 'hack' browsers search page with sweetIM.

    • shtiasa in reply to ilan.

      July 29, 2013 at 5:16 am #

      And what about the users,ilan?

  2. Stew Green

    July 29, 2013 at 12:51 pm #

    – so App SHOP PAGE hijacked, but not the app itself. That's a similar modus operandi that Graham exposed re Sky App shop page on Android , when the Twittersphere panicked and told people to delete apps (when no actual had ever been infected in the first place)

  3. Viber

    July 29, 2013 at 1:59 pm #

    Hi,
    I'm an official representative from Viber.

    As mentioned in the article, a security issue in iTunes Connect allowed the same "hackers" who defaced our Support Site to change the description of our AppStore page (and that's all). We have contacted Apple regarding this issue and are awaiting their response. Meanwhile, our AppStore page is back to normal. :)

    We want to reassure our users again: this has no impact on the security of the Viber App. Viber is completely safe. :)

    Thanks,
    The Viber Team

Leave a Reply