The Syrian Electronic Army (SEA), hackers loyal to president Bashar al-Assad, claim to have stolen millions of users’ personal details from Tango, a popular video and text messaging app noted in BBC News.
The hackers posted screenshots on their website to back up their claims.
Tango, based in Mountain View, California, has amassed more than 120 million registered users of its free video and text messaging application since its launch in 2009.
The cross-platform app is available in 39 languages in more than 210 countries and allows users to play games and watch animations during calls, as well as edit photos and send e-cards.
The SEA says it hacked into Tango’s back-up database and downloaded users’ private phone numbers, contacts and emails, amounting to 1.5 terabytes of data.
TangoMe Inc confirmed a security breach via its Twitter feed saying: “Tango experienced a cyber intrusion that resulted in unauthorized access to some data. We are working on increasing our security systems.”
But the U.S. firm did not confirm that it was SEA that carried out the attack nor that 1.5TB of data had been stolen.
“We sincerely apologise for any inconvenience this breach may have caused our members,” Tango added in a follow-up tweet.
SEA says it will give “much of the information” to the Syrian government.
Tango may have used outdated WP version
Internet security experts believe the breach may have been related to Tango’s use of an outdated version of the WordPress content management system.
According to E Hacking News, Tango was still using WordPress version 3.2.1, when the latest version is 3.5.2.
Tango hack story offends SEA even more
The SEA took offense at a caricature of the Syrian president accompanying a report of the Tango hack story posted on The Daily Dot website.
It asked for the picture to be removed in a tweet, then hacked into the news site’s administration panel and deleted the entire article.
The same group achieved notoriety after successfully hijacking official Twitter feeds of the BBC, Associated Press, the Financial Times and The Guardian.
But the hackers did not say why they had targeted Tango in particular.