Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
07-29-2013, 12:17 AM #1
Viber's Apple App Store Description Defaced by Hackers
This past week, the popular messenger Viber was hacked by the Syrian Electronic Army and the Support page was defaced as well with the message saying, “The Israeli-based – Viber is spying and tracking you.” It has recently been discovered that Viber’s Apple App Store description has been defaced as well, this time with a modified description reading “We created this app to spy on you, PLEASE DOWNLOAD IT!”
It isn’t quite clear if the hack was also performed by the Syrian Electronic Army or not but it’s possible that hackers may have gained access to other various developer-facing functions. The company responded after a previous attack stating that one of its employee’s fell victim to a phishing attack and attackers could gain access to a customer support panel and support administration system, insisting that no sensitive user data had been exposed. The company released the following statement to the public:
A few days ago a “hacker” was able to gain access to a couple of Viber.com email accounts via a phishing attack. This has since been fixed.
Data they recovered allowed them to deface our support site and also gain access to our iTunes Connect account (App Store) at a level that allowed them to change the description text of our app – which they did a few days ago around the same time as the original defacement. We noticed this within minutes, fixed the metadata and removed this user (in fact, all users but one) from our iTunes Connect account.
Unfortunately, on Saturday this happened again. Upon further investigation we realized this is a security issue in iTunes Connect. It seems that when you remove a user, if the user is logged in, then the user stays logged in. We hope Apple fixes this issue soon, as currently we have no way to permanently disconnect this user from our iTunes Connect. We have reached out to Apple regarding this issue and are waiting on their response.
At this point, we want to reassure users, that this has no impact on the security of the Viber App, Viber System, our databases, user information, etc. It’s merely an unfortunate nuisance.
Source: The Hacker News
07-29-2013, 12:29 AM #2
That is awesome. This is why I don't download apps like this.
07-29-2013, 01:32 AM #3
Viber does spy on you though. It's true lol
07-29-2013, 02:21 AM #4
07-29-2013, 02:46 AM #5
Viber devs falling for phishing attacks..
The Following User Says Thank You to Reeiiko For This Useful Post:
07-29-2013, 07:11 AM #6
The Following User Says Thank You to slim.jim For This Useful Post: