The Syrian Electronic Army (SEA) has claimed to have successfully hacked free video and text messaging service Tango.
The organisation, which is loyal to Syrian President Bashar-al-Assad, boasted that it breached Tango's website and back-up, database, managing to steal sensitive personal data, including users' private phone numbers, contacts and email addresses.
The stolen information allegedly amounts to 1.5TB of data.
The SEA said, "Much of the information in the databases that were downloaded will be delivered to the Syrian government."
Tango took to Twitter to confirm the data hack, writing (opens in new tab), "Tango experienced a cyber intrusion that resulted in unauthorized access to some data. We are working on increasing our security systems."
To add proof to its claims, the SEA posted screenshots (opens in new tab) of the hack to its website, which has prompted Internet security experts to speculate that the hack took place because of Tango's use of an old version of the WordPress content management system.
The latest version of WordPress is 3.5.2, but Tango has been using 3.2.1, according to E Hacking News (opens in new tab).
In a subsequent Twitter post, Tango wrote (opens in new tab), "We sincerely apologize for any inconvenience this breach may have caused our members."
The reason why Tango in particular was targeted remains unclear.
The SEA rose to prominence with a series of high-profile hacks earlier this year (opens in new tab), counting the Guardian, the FT and the BBC amongst its victims.