Hack Suspected on TeamViewer After Users Report Unauthorized Connections
TeamViewer, the popular remote desktop connection software that allows people to share screens and remote access, was reportedly hacked by unknown third parties. According to several users, unauthorized access reports started showing up on Reddit over the last few days that resulted in raided PayPal, eBay, and Amazon accounts via stolen credentials stored in the browser. This happened around the time the company suffered possible DNS issues that caused an outage that lasted a couple of hours.
TeamViewer initially claimed that there were no problems with their system, but rather the users’ individual credentials. Given the recent LinkedIn, Tumblr, and MySpace security breaches where millions of email and password combos were hacked due to the re-use of login credentials across various sites and services, TeamViewer claims that it wasn’t hacked directly and that the breach likely stemmed from the reuse of these compromised passwords. “TeamViewer is appalled by any criminal activity; however, the source of the problem, according to our research, is careless use, not a potential security breach on TeamViewer’s side,” TeamViewer said in a May 23 statement. However, even users with strong passwords and two-factor authentication complained that their TeamViewer accounts were hit.
TeamViewer additionally pointed out that : "neither was TeamViewer was hacked nor is there a security hole, TeamViewer is safe to use and has proper security measures in place, our evidence points to careless use as the cause of the reported issue, a few extra steps will prevent potential abuse." However, the company still did not address the recent reports of unauthorized access and merely mirrored the May 23 statement. It was not until June 1st that TeamViewer issued an updated statement to address the outage and unauthorized connections. “TeamViewer experienced a service outage on June 1. The outage was caused by a denial-of-service (DoS) attack aimed at the TeamViewer DNS-Server infrastructure. TeamViewer immediately responded to fix the issue to bring all services back up”. It added, “Some online media outlets falsely linked the incident with past claims by users that their accounts have been hacked and theories about would-be security breaches at TeamViewer, We have no evidence that these issues are related”.
The statement also hints that users should avoid downloading TeamViewer software from free-software sites where it can be repackaged with malicious programs. “Users should avoid all affiliate or adware bundles. While users may think they are just downloading a harmless program, they software could in fact install something else. Users ought to download TeamViewer only through the official TeamViewer channels,” said TeamViewer. It also encourages everyone to use two-factor authentication, which can help prevent remote access hacks of users’ systems.
Here are a few recommendations to ensure TeamViewer users are safe from this threat:
- Change passwords on TeamViewer account
- Log out of TeamViewer account on any machines running the software to avoid access obtained by username/password combo
- Check unexpected incoming connections by opening log files under “Extras”
- Check credit card statements, including PayPal, for suspicious activity
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale