Just a few days after we learned that the infrastructure behind the Tango application was exploited by hackers from the Syrian Electronic Army, who downloaded a 1.5 TB database, Viber has now gone through the same problem. Although the hackers could not exploit all of Viber's systems, they warned users in a message that the Viber application monitors all of their activity. More precisely, the application generates logs based on IP/UDID/location for every call made with it, so its administrators can know at any time where calls are initiated from and who makes them.
Dear All Viber Users,
The Israeli-based “Viber” is spying and tracking you
We weren’t able to hack all Viber systems, but most of it is designed for spying and tracking
Viber has not commented on the issue, but exposing the application's unorthodox methods of operation was certainly not the motive for the hack. Viber has millions of active users worldwide and is a popular application, and this second hack is an alarm signal suggesting that other similar systems will be exploited soon.
UPDATE: Below is Viber's official position on this incident. It appears that a company employee was tricked by a phishing attack and gave the hackers access to two systems that the company considers minor. Viber maintains that user data was not compromised and that the databases were not taken by the hackers, so you can all sleep soundly.
Today the Viber Support site was defaced after a Viber employee unfortunately fell victim to an email phishing attack. The phishing attack allowed access to two minor systems: a customer support panel and a support administration system. Information from one of these systems was posted on the defaced page.
It is very important to emphasize that no sensitive user data was exposed and that Viber’s databases were not “hacked”. Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system.
We take this incident very seriously and we are working right now to return the support site to full service for our users. Additionally, we want to assure all of our users that we are reviewing all of our policies to make sure that no such incident is repeated in the future.