The Syrian Electronic Army strikes again at another VoIP provider, this time, Viber. We reported the cyber attacks on Tango, now it seems that the pro-Assad militant cyber group claims allegedly that it was able to download backups of Viber's database, which includes but it's not limited to phone numbers, device IDs and, supposedly, push notification tokens. Along with the purported intrusion, some Viber pages have been defaced. Viber has come forward and has stated that the intrusion is mostly harmless to customers of their VoIP services since they claim that the most vital user information is kept in a different database that can't be exploited by outsider threats. As always, Viber requests that 200,000 users be vigilant and report any suspicious activity with their accounts.
Today the Viber Support site was defaced after a Viber employee unfortunately fell victim to an email phishing attack. The phishing attack allowed access to two minor systems: a customer support panel and a support administration system. Information from one of these systems was posted on the defaced page.
It is very important to emphasize that no sensitive user data was exposed and that Viber’s databases were not “hacked”. Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system.
We take this incident very seriously and we are working right now to return the support site to full service for our users. Additionally, we want to assure all of our users that we are reviewing all of our policies to make sure that no such incident is repeated in the future. - Viber
Read More | Arstechnica
The Syrian Electronic Army (SEA) has come forward claiming that it has stolen millions of user email addresses, phone numbers and contact information of the popular video messaging service Tango. The 1.5 terabyte worth of compromised data has been confirmed by Tango on Twitter.
SEA has stated that it will hand over the information to its country's government lead by embattled President Bashir al-Assad. The compromise was possible due to an outdated WordPress installation.
Traditional telecommunication is to be avoided due to current war in Syria that has resulted in the rising death toll of over 100,000 lives. Thus, popular messaging services with VoIP capabilities are very popular in that part of world. So, it comes to no surprise that the exploit is for the sole purpose of monitoring, stamping out and finding rebel forces and sympathizers.
"Tango experienced a cyber intrusion that resulted in unauthorized access to some data. We are working on increasing our security systems. We sincerely apologize for any inconvenience this breach may have caused our members." -Tango
Read More | Syrian Electric Army