Viber Claims iTunes Flaw To Blame For App Store Account Hack

Hackers can stay logged in to iTunes Connect accounts even when they’ve been blocked, Viber claims

Messaging app company Viber believes there is a glaring flaw in Apple’s iTunes Connect, which it has blamed for a defacement of its App Store page.

The flaw lets a hacker who is logged in to an iTunes Connect account remain logged in, even when the administrator has removed them from the list of authorised users.

Viber admitted two email accounts had been compromised by a phishing attack, allowing the attacker to get the right login details to deface the company’s support site, as TechWeek reported last week, and gain access to its iTunes Connect account.

Viber DesktopThe defacement of the App Store page was similar to that of the Support site, claiming Viber spied on its users.

Viber attacked

Although Viber removed the user from its iTunes Connect account, the hacker, believed to be a member of the Syrian Electronic Army, remained logged in. And that has left Viber upset.

“On Saturday this happened again. Upon further investigation we realised this is a security issue in iTunes Connect,” a spokesperson said, in an emailed statement sent to TechWeek.

“It seems that when you remove a user, if the user is logged in, then the user stays logged in.

“We hope Apple fixes this issue soon, as currently we have no way to permanently disconnect this user from our iTunes Connect. We have reached out to Apple regarding this issue and are waiting on their response.”

An Apple spokesperson said it had no comment at the time of publication.

“At this point, we want to reassure users, that this has no impact on the security of the Viber App, Viber System, our databases, user information, etc. It’s merely an unfortunate nuisance,” Viber added.

What do you know about Internet security? Find out with our quiz!