Messaging app company Viber believes there is a glaring flaw in Apple’s iTunes Connect, which it has blamed for a defacement of its App Store page.
The flaw lets a hacker who is logged in to an iTunes Connect account remain logged in, even when the administrator has removed them from the list of authorised users.
Viber admitted two Viber.com email accounts had been compromised by a phishing attack, allowing the attacker to get the right login details to deface the company’s support site, as TechWeek reported last week, and gain access to its iTunes Connect account.
Although Viber removed the user from its iTunes Connect account, the hacker, believed to be a member of the Syrian Electronic Army, remained logged in. And that has left Viber upset.
“On Saturday this happened again. Upon further investigation we realised this is a security issue in iTunes Connect,” a spokesperson said, in an emailed statement sent to TechWeek.
“It seems that when you remove a user, if the user is logged in, then the user stays logged in.
“We hope Apple fixes this issue soon, as currently we have no way to permanently disconnect this user from our iTunes Connect. We have reached out to Apple regarding this issue and are waiting on their response.”
An Apple spokesperson said it had no comment at the time of publication.
“At this point, we want to reassure users, that this has no impact on the security of the Viber App, Viber System, our databases, user information, etc. It’s merely an unfortunate nuisance,” Viber added.
What do you know about Internet security? Find out with our quiz!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…
View Comments
Hi,
I'm an official representative from Viber.
As mentioned in the article, a security issue in iTunes Connect allowed the same "hackers" who defaced our Support Site to change the description of our AppStore page (and that's all). We have contacted Apple regarding this issue and are awaiting their response. Meanwhile, our AppStore page is back to normal. :)
We want to reassure our users again: this has no impact on Viber's security. We're safe as always. :)
Thanks,
The Viber Team
"We are safe as always."
Viber, you have been hacked. And not only once but twice as it seems. That is exact the opposite of safe, private and secure.
Hi Marie,
Thank you for your comment.
We wouldn't call this incident "hack". It was a very minor phishing attack that allowed the people behind it to cause superficial damage (change of pages online, and that's it), and it was resolved within minutes in both cases.
The second case (the AppStore description change) actually has nothing to do with the fact that we (Viber) were hacked.
You are right, all of the above does not mean that we will ignore the whole incident. We are working hard to ensure that this will not reoccur.
However, the main point is: at no point was sensitive information taken from anywhere in the company, and that is the most important thing for us to emphasize to our users.
Thanks again,
Viber.