Yesterday at around 10:00 AM EST, TeamViewer’s website and log on servers had gone down due to Denial of Service attacks, causing users of the popular remote-desktop application to be locked out of their accounts. Some users, thinking they were secure, were still compromised.
TeamViewer Accounts Compromised
Many users on reddit.com/r/TeamViewer have reported having their personal computers hacked into remotely by unknown parties, although according to a ‘Master Breach’ thread on reddit most of the users affected did not have 2-factor authentication enabled. In addition, many of the users have had external accounts breached, most likely marking repeated password use as the cause of intrusion. So in this case, the hackers simply tried a list of compromised passwords and e-mails against TeamViewer’s servers and broke into any computer that opened. Although alarmingly, some users report having had 2-factor authentication ENABLED on their accounts and have still had their computers compromised, which raises the question as to whether or not TeamViewer was partially at fault for this issue.
TeamViewer Denies Responsibility, Points Fingers at Users
Reddit user /u/intentazera, whom had 2-factor enabled, posted a response from a ticket sent to their support team about having been hacked:
We first recommend bringing this case up to the police, so they can start an investigation on who accessed your PC. We would be able to provide the police with the latest IP address of an ID of its last contact with our servers, which is saved in our database, which is the information they need to find the intruder.
We had a few cases where users used the same email address and password, which they used in TeamViewer, also in other websites / software / accounts. So to be on the safe side, please change your password, if you did not do it yet.
To further enhance security on your TeamViewer, we recommend using our whitelist feature and also our two factor authentication to manage the access to your account.
All further communication regarding details of the incident will then be handled via the police, so no time is lost for their investigation.
In other words, TeamViewer denies responsibility even though this particular user had 2-factor authentication ENABLED during the time of attack, which theoretically should have stopped the hackers from breaching the users computer. Not only that, but hacked users were never directly alerted by TeamViewer’s support team and instead had to take to their ticketing system. Many existing TeamViewer users likely never even heard of the attacks, as no e-mails were ever sent out to existing users to alert them of there having been a breach on some of their user accounts, likely to save the face of their company rather than to protect the privacy of their users.
It is always in best practice to use different passwords for each account that you have, especially when it is tied to something like your personal computer. When a site you visit sends out warnings to change your password, it is more than necessary to change it, along with any other websites that you may have shared the password with. My best advice to anybody with this software is to permanently uninstall TeamViewer from your computers and look for a better alternative until they figure out how to prevent these kinds of attacks from happening again.