Home Forums Discussions General Discussion [Urgent] Teamviewer - Large Number of Hacks

Source - WatchGaurd Security Center

Lots of people using Teamviewer are getting hacked. Teamviewer also went down yesterday. Paypal and Amazon accounts are getting drained.

Hi Sandeep,

Really appreciate the "heads up" posts.

Thanks!

Gene

Are there any warning signs or anything to look for? We all want to try to be as vigilant as possible but, we need to know if there are things to watch for.

Thanks

Alley

are we safe if we just turn off teamviewer or should we just cancel it and use something different.

You're welcome.



Since the source of the breach has not yet been identified, I would strongly recommend to remove it as soon as possible. Their initial response indicated that it was the user's fault for reusing email/password combinations but that has been debunked by several users.

There's a bunch of community threads going around. Things people have observed.
1) It's not specifically isolated to users with accounts. Users who just use an ID and password are being hacked.
2) Even users with 2-factor authentication were still compromised. (e.g. text message and password) suggesting that internal teamviewer ID/Pass system has been compromised.

Check your papyal, amazon, and bank logins if you use teamviewer.

I will post when I get a chance. I am going to give Team Viewer a little leeway here. I can't explain why they have been singled out. It may be what Sandeep is saying. But, it is very interesting this it is about PayPal. I will share my story soon.

Let's say for now, I would not trust, and I would be VERY, VERY wary of ANY email you get from PayPal. If you get an email from PayPal advertising fraudulent activity on your account or advertising the new One Touch, I would immediately call PayPal and ask them if they sent it. Especially look to see if it says, Dear customer or Dear Bert or Dear John Smith. PayPal and just about every other institution have the ability to parse your name out of their database and use it as a greeting in any email they send.

Yes, Sandeep, thanks for posting this here.

Though while TeamViewer admits the problem is significant, they are still insisting their security has not been breached.

http://arstechnica.com/security/201...ence-of-2fa-bypass-in-mass-account-hack/

They are actually advising users to shutdown TeamViewer after they are done using it. Also, they suggest enabling 2FA and not reusing a password from anywhere else.

TeamViewer Support:


I have a theory as to how they pulled it off, but I'm checking to see if it's consistent with the events.

Another good idea is to check if your email has been compromised by the recent breaches (LinkedIn, etc): https://haveibeenpwned.com/

I think TV's wording is incorrect there.