So Viber was hacked and Viber didn't publish anything about it on Twitter or Facebook which is shocking to me. The first thing they should have done is to be honest with their users regarding what information had been leaked or stolen.
What I can tell you from an independant investigation I did on my own is that
- Information about the location of the Syrian users has been collected.
- They still have some passwords to access parts of the system despite what Viber pretends.
- They collected the list of Syrian users of Viber and do have the UDID numbers which can be used in future attacks on mobile devices.
- The fact that push tokens have leaked can lead to some malicious remote code execution attacks.
It's still unclear whether or not actual chat logs have been stolen but they clearly had the access to get them so I would assume they did but were disconnected while trying to download them.
I think this shows how dangerous it can be to use non-encrypted messaging systems. No one should be able to have all this information because by design no company can keep it private.
Here is a partial list of the Syrian phone numbers that were compromised during the attack.
