Bad Vibes, man: Babble app chaps unwrapped in phish trap hack flap

Hacker gang the Syrian Electronic Army broke into the systems of Viber, the popular mobile chat service, and dumped its user account records online. The miscreants, loyal to Syria's president Bashar al-Assad, say they were able to infiltrate Viber’s support website, which allowed them to extract punters' private data. The site …


Not being funny right

But if you're making a messaging app-ma-bob, don't you sort of need some of those details in your db? You know, for your users, and for routing messages and things. Or did I miss something here?


Re: Not being funny right

Yeah, that's what I thought too. It all seems pretty vanilla:

phone number: Viber uses the phone number to identify you, rather than inventing Yet Another Username. This also means that the Viber app can look at your phone's address book and automatically list the Viber users you know - you don't have to faff around asking your mates for their Skype name.

device UDID: At least with iPhone, I don't think apps get access to your phone number. (When you install Viber, you type in your phone number, then they text you a code you can type in to confirm it's really your phone number). Presumably they have access to some sort of Unique Device ID (UDID) for the phone, so it would make sense to store this in case you uninstall & reinstall Viber. Also may be useful as an anti-hacking tool - if you connect with a different UDID, or if you have multiple phone numbers on the same UDID, there might be something funny going on.

IP address: If you want them to route a call to you, this is probably important!!!!

country: Useful for languages, legal stuff, and demographics information. Lets them tell investors how many users there are in each country, which affects how much they're worth (e.g. if they were considering adding adverts, it may affect how much they could expect to get). And, if you know my phone number, then you already know this since it's a UK phone number!

first registration to Viber: Also useful information to tell investors, and to value the company. And if you already know my phone number and you already know I have Viber, then I don't really care if you learn "when I signed up for Viber".

operating system and version: There are different apps for Viber. Should Viber spend more time on the iOS or Android version of Viber? Can they drop support for old versions of Android? This is the data that will help them answer that question.

what version of Viber they are using: If Viber adds new features, then they need this to see who can use the new features.

So, really the fact that Viber has this isn't worrying. The fact that they're incompetent enough to get hacked is slightly worrying. With any hack there's always the nagging suspicion that maybe the breach was worse than they're letting on, either because they're minimizing it for PR reasons or because they didn't discover the full extent of the breach.

Anonymous Coward

Syrian Electronic Army:

Dear All Viber Users, The Israeli-based "Viber" is spying and tracking you. We weren't able to hack all Viber systems, but most of it is designed for spying and tracking.

Dear Syrian Electronic Army, do you watch the news on other countries?

Spying and tracking is being used by every gov worldwide on all of its citizens and other countries worldwide. Seems we are all spying on each other, then smiling at each other at the negotiating table. So what is your point?

Admit it, you're doing the exact same thing!

I live in a world of players, liars and cheaters, of any religion/creed/class/race. Well done to you all, you have all got a one way ticket to hell. (not that that means anything, as there is no such thing)

From that name I thought it was a company that made sex toys, not a chat service...

