Messaging app Viber is facing a potential data breach after a pro-Palestinian hacktivist group, Handala Hack, claimed responsibility for accessing its servers and stealing a trove of data.
In its Telegram post, Handala Hack alleged they stole over 740GB of data, including Viber’s source code. The group demands a ransom of 8 Bitcoin, or $583,000, for the stolen information.
“Have you seen the management panel of Viber Messenger before? Can you imagine the technology giants affiliated with the occupying regime, what information of citizens they store?” the group’s post read. As seen by Hackread.com, the claim was accompanied by an image allegedly showing a directory listing.
Viber, a messaging app introduced in 2010 and acquired by Japanese multinational firm Rakuten in 2014 for $900 million, has responded to the hackers’ claims.
The company has denied any evidence of intrusion into its systems or data compromise but confirmed that it has already launched an investigation to verify if a security breach has occurred.
“We are aware of the claim and are investigating the validity of the alleged breach with utmost urgency,” the company said. “The security of our users’ data is our top priority,” the company reiterated.
If confirmed, this could be one of the largest data breaches in recent history. Experts opine that this breach, potentially involving personal messages, call logs, contact details, and financial information, can devastate Viber users.
Handala Hack is a controversial group known for targeting Israeli entities and their allies to support the Palestinian cause. It has been active since establishing its Telegram channel in December 2023 and later joining Breach Forums.
This group claims to have targeted Israeli infrastructure, healthcare providers, community centers, tech companies, media outlets, and defence contractors with sophisticated techniques.
Some of these techniques include phishing emails mimicking F5 BIG-IP zero-day security updates and SQL injection attacks, compromising databases and highlighting their intent to disrupt political messages through cyber means. Their claimed targets include Hadarom Port, Home Medics, Rosh Ha’ayin Municipal Society, and DRS RADA Technologies.
Whether verified or not, the incident involving Viber raises questions about the app’s data security practices. Viber needs to address user concerns by clearly explaining the situation and any potential risks to user data.
In the meantime, Viber users should exercise caution and change their passwords, be cautious of phishing attempts, and stay informed about any updates regarding the alleged data breach by checking Viber’s official channels.