Teamviewer, a piece of software that people can use to remote-control PCs, appears to have been hacked. Numerous user reports have indicated that unknown third parties are taking control of PCs and trying to steal money, through services like PayPal or eBay. Needless to say, this looks bad.
Teamviewer has denied the allegations, but something’s definitely going on. Dozens of Reddit users are flooding the /r/teamviewer forum looking for advice, and one of my personal friends asked my advice after reporting something very similar.
The accounts on Reddit and from my friend all sound similar: someone takes remote access of a PC, and then signs into something like eBay, PayPal, or email services. It’s pretty obvious what is going on — Teamviewer isn’t a backdoor, but a remote control program, so the mouse moves around the screen like there’s an actual user controlling it.
Teamviewer claims it isn’t a problem with its system, but rather with users’ individual credentials. It’s certainly possible — with the recent LinkedIn security breach, there’s millions of email/password combos in the wild, and people are notorious for re-using logins across different sites and services.
But there’s also mounting evidence that it’s some kind of flaw in Teamviewer’s software. My friend claimed he used a unique password, and other users with two-factor authentication enabled have said that they have been hacked, which is virtually impossible if it’s just username/password combos being tried.
In a statement issued today but attributed to a week ago, Teamviewer denied any breach of its systems:
TeamViewer is appalled by any criminal activity; however, the source of the problem, according to our research, is careless use, not a potential security breach on TeamViewer’s side. Therefore TeamViewer underscores the following aspects:
Neither was TeamViewer hacked nor is there a security hole
TeamViewer is safe to use and has proper security measures in place
Our evidence points to careless use as the cause of the reported issue
A few easy steps will help prevent potential abuse
Something weird is going on, however: Teamviewer’s site was down for a few hours this morning, a problem the service attributed to a DNS problem.
While the breaches are being investigated, here’s a few things you can do to ensure any machine you’re running is safe.
- Log out of your Teamviewer account on any machines running the service, so that access can’t be gained by a username/password combo.
- Uninstall Teamviewer if you’re particularly paranoid (or, to be honest, if you’re not expressly using it right now).
- Check the log, which can be found under Extras–>Open log files, and look for any unexpected incoming connections
- Check your credit cards, PayPal and eBay accounts for suspicious activity
- Change the password on your Teamviewer account, and check haveibeenpwned.com to see if your email has any known hacks that could reveal your password.
Whichever way you cut it, this doesn’t look good for Teamviewer. Remote-access software has to trade on the strength of unbreakable security; just the faintest hint that there’s a major security breach could kill the product.