Skip to main content

Viber hacking appears to extend to app’s App Store description

Screen Shot 2013-07-27 at 6.51.35 PM

Last week, we noted that popular communications app Viber was hacked by the Syrian Electronic Army, which led to aspects of Viber’s website being defaced with the message “The Israeli-based “Viber” is spying and tracking you.”

Today, reader Peter Wells points out that Viber’s App Store description has been defaced as well. If this new app description was tainted by the Syrian Electronic Army, it is possible that the hackers have gained access to the other various developer-facing functions.

We have reached out to Viber for comment and will update this post once they are received.

Update: Viber has commented:

A few days ago a “hacker” was able to gain access to a couple of Viber.com email accounts via a phishing attack. This has since been fixed.

Data they recovered allowed them to deface our support site and also gain access to our iTunes Connect account (App Store) at a level that allowed them to change the description text of our app – which they did a few days ago around the same time as the original defacement. We noticed this within minutes, fixed the metadata and removed this user (in fact, all users but one) from our iTunes Connect account.

Unfortunately, on Saturday this happened again. Upon further investigation we realized this is a security issue in iTunes Connect. It seems that when you remove a user, if the user is logged in, then the user stays logged in. We hope Apple fixes this issue soon, as currently we have no way to permanently disconnect this user from our iTunes Connect. We have reached out to Apple regarding this issue and are waiting on their response.

At this point, we want to reassure users, that this has no impact on the security of the Viber App, Viber System, our databases, user information, etc. It’s merely an unfortunate nuisance.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. Nick Pomes (@nmpomes) - 11 years ago

    Are you guys not using Vanilla anymore?

  2. Ronen Magid - 11 years ago

    I think the “Syrian Electronic Army” should be more concerned with the 100,000 (and counting) dead men, women and children caused by “Free Syrian Army” aided by “Al Queda’s Army” fighting the “Regular Syrian Army” aided by “Hezbollah God’s Army”. Israel’s imaginary or non-imaginary spying programs, though never failing to inspire the famous Arab imagination with theories of conspiracy and mystique, should really be the last thing on the to-worry-about list.

  3. Luke Mansell - 11 years ago

    I take it Apple doesn’t have to approve these description updates then? Kinda random that this is happening while the developer portal is getting hacked.

  4. Nick - 11 years ago

    I feel for these guys. The last thing a messaging company wants a reputation for sharing data.

  5. Byron - 11 years ago

    iPhone 5C[lassic]

  6. Viber Team - 11 years ago

    Hi there,
    I’m an official rep. from Viber.

    As mentioned in the article, a security issue in iTunes Connect allowed the same “hackers” who defaced our Support Site to change the description of our AppStore page (and that’s all). We have contacted Apple regarding this issue and are awaiting their response. Meanwhile, our AppStore page is back to normal.

    We want to reassure our users again: this has no impact on the security of the Viber App.
    Viber is completely safe as before. :)

    Thanks,
    The Viber Team