Has TeamViewer Been Hacked?

The popular remote desktop app TeamViewer has apparently been hacked. However, TeamViewer claim the issue lies with its users reusing the same password across multiple sites which makes sense…. until reports started to surface users with 2FA were also affected.

Has TeamViewer Been Hacked?

It appears hackers gained control of victims’ TeamViewer web accounts and utilised this to connect on to users computers where they loaded web browsers to empty PayPal accounts, access webmail, and order stuff from Amazon and eBay (Presumably with users opting to save passwords within the browser).

Users complaining on Twitter are being sent to the ‘change password’ section within their account.

Users worried their account may have been compromised can login to the TeamViewer management console website here: https://login.teamviewer.com/nav/home

Then in the upper right corner, click on your username and edit profile, then click on “Active Logins”, this will list every device and location in the last year that accessed your account. However, this section of the site is extremely slow to load.

Overnight  the software company’s systems mysteriously went off-line, although they claim they are back up and running normally now. TeamViewer claim this was down to a DNS issue and not a hack on its platform.

Taking a look at the number of users complaining on Reddit, Facebook & Twitter it is clear this is not an isolated incident.

If you must have TeamViewer installed, it is recommended to remove ‘Remote Access’ for now and ensure TeamViewer does not start on computer boot-up. It may also be worth changing your password and as with any website, please remember to use unique passwords and where possible use 2FA.

TeamViewer have released an updated statement (and a snapshot taken of the original).

Do you use TeamViewer? Have you been affected? Leave a comment below.


Update From TeamViewer

TeamViewer have posted a statement no longer directly blaming its users for using the same password across multiple sites, but instead provide a generic statement claiming:

External breaches have been used to access TeamViewer accounts, as well as other services. We are appalled by the behaviour of cyber criminals, and are disgusted by their actions towards TeamViewer users. They have taken advantage of common use of the same account information across multiple services to cause damage.

Whilst the latest Press Release does address some issues with regards to its users accounts being compromised, they are still adamant their servers have not been breached.

TeamViewer will be rolling out a new feature called ‘Trusted Devices’. This provides an additional level of security that will require the account owner to validate the connection by clicking a link sent to their registered email account before remote permission is granted.

Head over to the TeamViewer Press Release to find out more.