Syrian hacktvists hit second mobile app in a week

A Syrian hacktivist group has hacked into systems behind the Viber mobile app in the second such attack in a week

A hacktivist group loyal to Syrian president Bashar al-Assad claims it has hacked into systems behind the Viber mobile Wi-Fi calling and messaging app.

The Viber app mobile has more than 200 million users.

The claim comes just days after the Syrian Electronic Army (SEA) said it had stolen millions of users’ details from users of video and text messaging app Tango, which has 120 million registered users.

The SEA rose to prominence earlier in the year when it carried out attacks against Western media organisations, including the BBC, Associated Press, the Financial Times and the Guardian.

In the latest attack, the group tweeted: "If you have 'Viber' app installed we advise you to delete it."

The hacktivist group is claiming responsibility for breaching Viber's database and defacing its website, according to The Hacker News.

Read more about hacktivism

Website defaced

Viber's support page on its website was modified to display a banner that said, "Hacked by Syrian Electronic Army" and a note that said, "Dear All Viber Users, the Israeli-based 'Viber' is spying and tracking you."

The page was immediately withdrawn and was still not available on Wednesday morning.

Viber is an app that lets users call and message via Wi-Fi for free. In May, it announced that it had more than 200 million users spread across 193 countries.

The company behind the app confirmed to TechCrunch that its website had been defaced, but said that sensitive user information was not stolen.

Viber said in a statement that it had been the target of an email phishing attack that enabled attackers to access two "minor" systems – a customer support panel and a support administration system.

Database security

But the company denied that Viber’s databases had been hacked and said no sensitive user data had been exposed.

“Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system,” Viber said.

Viber said it is reviewing all its policies to make sure no such incident is repeated in the future.

Last weekend, the SEA said it hacked into Tango's backup database and downloaded users' private phone numbers, contacts and emails. It posted screenshots that appear to support the claims.

The SEA said it would give much of the information to the Syrian government, but did not say why Tango had been singled out for attack.

Easy target

Security experts said the motive may be as simple as the fact that the site uses an outdated version of the WordPress content management system, which is relatively easy to compromise.

The US-based TangoMe confirmed a security breach, tweeting: "Tango experienced a cyber intrusion that resulted in unauthorised access to some data. We are working on increasing our security systems."

The SEA reacted angrily to a caricature of the Syrian president alongside an initial report of the Tango hack on The Daily Dot website, according to the BBC.

The group at first demanded that the picture be removed, but then hacked into the news site's administration system and deleted the entire article.

Read more on Hackers and cybercrime prevention