Viber Swallowed Phish, Not Tracking Users
Posted on July 24th, 2013 by Lysa Myers
Oh boy, time for more over-inflated claims from hacktivist groups. Are we excited yet?!
The Syrian Electronic Army (SEA) broke into and defaced the Viber website yesterday, so that it was displaying a message stating that the Viber app was tracking and spying on users. They also included a screenshot that supposedly proved their claim. As it turns out, (SHOCK! AMAZEMENT!) this claim was not entirely accurate.
Some experts had noticed that this story didn’t quite pass the sniff-test, and that it was more likely that someone at Viber had fallen for a phishing scam and that this was showing a less sensitive database. Viber soon confirmed this, saying that the database was for their support site, not for full user account details. References in the screenshot to UDID were not referring to iDevices’ Universal Device ID, but to an internal Viber user ID.
The SEA claims twist several facts in order to be potentially inflammatory. Their defacement called Viber an “Israeli-based company,” but like many other major software companies Viber simply has a development site in Israel. The SEA also claimed that the Viber app is tracking users, but could they simply be referring to features of the product that allow users to broadcast their location?
Hacktivist claims should generally be taken with a grain of salt and researched thoroughly before being swallowed whole. This incident is a nice reminder of that.