Screen Shot 2013-07-27 at 6.51.35 PM

Last week, we noted that popular communications app Viber was hacked by the Syrian Electronic Army, which led to aspects of Viber’s website being defaced with the message “The Israeli-based “Viber” is spying and tracking you.”

Today, reader Peter Wells points out that Viber’s App Store description has been defaced as well. If this new app description was tainted by the Syrian Electronic Army, it is possible that the hackers have gained access to the other various developer-facing functions.

We have reached out to Viber for comment and will update this post once they are received.

Update: Viber has commented:

A few days ago a “hacker” was able to gain access to a couple of Viber.com email accounts via a phishing attack. This has since been fixed.

Data they recovered allowed them to deface our support site and also gain access to our iTunes Connect account (App Store) at a level that allowed them to change the description text of our app – which they did a few days ago around the same time as the original defacement. We noticed this within minutes, fixed the metadata and removed this user (in fact, all users but one) from our iTunes Connect account.

Unfortunately, on Saturday this happened again. Upon further investigation we realized this is a security issue in iTunes Connect. It seems that when you remove a user, if the user is logged in, then the user stays logged in. We hope Apple fixes this issue soon, as currently we have no way to permanently disconnect this user from our iTunes Connect. We have reached out to Apple regarding this issue and are waiting on their response.

At this point, we want to reassure users, that this has no impact on the security of the Viber App, Viber System, our databases, user information, etc. It’s merely an unfortunate nuisance.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

8 Responses to “Viber hacking appears to extend to app’s App Store description”

  1. Are you guys not using Vanilla anymore?

  2. Ronen Magid says:

    I think the “Syrian Electronic Army” should be more concerned with the 100,000 (and counting) dead men, women and children caused by “Free Syrian Army” aided by “Al Queda’s Army” fighting the “Regular Syrian Army” aided by “Hezbollah God’s Army”. Israel’s imaginary or non-imaginary spying programs, though never failing to inspire the famous Arab imagination with theories of conspiracy and mystique, should really be the last thing on the to-worry-about list.

  3. Luke Mansell says:

    I take it Apple doesn’t have to approve these description updates then? Kinda random that this is happening while the developer portal is getting hacked.

  4. Nick says:

    I feel for these guys. The last thing a messaging company wants a reputation for sharing data.

  5. Byron says:

    iPhone 5C[lassic]

  6. Viber Team says:

    Hi there,
    I’m an official rep. from Viber.

    As mentioned in the article, a security issue in iTunes Connect allowed the same “hackers” who defaced our Support Site to change the description of our AppStore page (and that’s all). We have contacted Apple regarding this issue and are awaiting their response. Meanwhile, our AppStore page is back to normal.

    We want to reassure our users again: this has no impact on the security of the Viber App.
    Viber is completely safe as before. :)

    Thanks,
    The Viber Team