
TeamViewer denies hack after PCs hijacked, PayPal accounts drained


Batu69


Remote-control tool wobbles offline, blames bad passwords for compromises

Updated: TeamViewer users say their computers were hijacked and bank accounts emptied, all while the software company's systems mysteriously fell offline. TeamViewer denies it has been hacked.

 

In the past 24 hours, we've seen a spike in complaints from people who say their PCs and servers were taken over via the widely used remote-control tool on their machines. Even users with strong passwords and two-factor authentication enabled on their TeamViewer accounts say they were hit.

 

It appears miscreants gained control of victims' TeamViewer web accounts, and used those to connect into computers, where they seized web browsers to empty PayPal accounts, access webmail, and order stuff from Amazon and eBay.

 

"Hackers got everything from me," Doug, an Idaho-based Twitch streamer who was looking forward to celebrating his birthday today with his wife and two kids, told The Register.

 

"They remote connected in at 5AM MT, went into my Chrome and used my PayPal to buy about $3k worth of gift cards. And yes, I had two-factor authentication."

Over on Reddit, people were lining up with tales of their systems being compromised via TeamViewer, sparking fears the platform had been hacked. TeamViewer makes remote-control clients for Windows, OS X, Linux, Chrome OS, iOS and Android.

 

"I never expected this to happen, but it did," wrote Redditor Eric1084.

"When I sat down on my chair, I saw my mouse is moving across the screen. Of course, I immediately revoked remote control, and asked who [the hacker] is. At that point, he disconnected, and attempted to connect to my Ubuntu server, which has all my backups. Good thing I connected to [the server] right after he remote'd into my workstation. I revoked his permission before he tried to open Firefox. Immediately after, I started panicking, and thought he just stole all my passwords."

 

Another Redditor, famguy07, added: "I had the same thing happen to me tonight. Luckily I was playing Rocket League. I terminated [the connection] after less than 10 seconds. Once it clicked in my brain what had happened, I logged into my server and exited TeamViewer to deal with it later."

 

Pouring further fuel on the fire that TeamViewer had been infiltrated by criminals, at about 0700 Pacific Time (1500 in the UK) today TeamViewer suffered an outage lasting at least three hours, which knocked its website offline and left people unable to connect to their computer remotely.

 

It's claimed TeamViewer.com's DNS was screwed up during the IT snafu, thus stopping people from getting through to the Germany-based company's servers. We've heard that its DNS servers were pointing towards Chinese IP addresses at one point, but we haven't been able to verify that.

TeamViewer has said sorry for the downtime.

After getting its systems back online, TeamViewer insisted that its security was not breached. In a statement bizarrely dated last week but referencing today's events, the biz instead blamed "careless use" of passwords by its customers. People aren't using strong enough credentials, or are reusing passwords from websites that have been hacked – such as LinkedIn and Tumblr, we're told.

 

"Users are still using the same password across multiple user accounts with various suppliers. While many suppliers have proper security means in place, others are vulnerable," the company said.

TeamViewer spokesman Axel Schmidt told The Register by phone from Germany tonight that his company has not found any sign of a breach, and suggested people who have been hijacked contact the police.

 

It is possible that some folks have been caught out by password reuse, or by weak passwords, or by a Windows Trojan disguised as an Adobe Flash update that's doing the rounds using TeamViewer to backdoor machines.

 

Yet, we've heard from people who have used passwords unique to TeamViewer, who have enabled two-factor authentication, and have found no malware on their computers, losing control of their systems in the past few days via TeamViewer. It's possible the DNS cockup was part of an elaborate plan by cyber-fiends to intercept people's logins and swipe their passwords, but the company is adamant there was no security breach.

 

If you do use TeamViewer, now would be a good time to triple check your password and security settings to keep miscreants out, and inspect your connection logs and your web browser history for any unauthorized accesses.

Updated to add

In a second statement today, TeamViewer said its DNS systems fell offline because they were pummeled by a denial-of-service attack. "TeamViewer experienced network issues because of the DoS-attack to DNS servers and fixed them," the biz said. "There is no security breach at TeamViewer."

 

Article source

  • Administrator

I have uninstalled it from my PC. Funny how not much of the news media has covered this important security issue.

 

What always concerns me as a user is that it constantly wants the service to be running in background even if you have no use for it. Last time I checked, changing the service to run manually prevented it from working properly.

 

Either way, some information here.



So this is the reason why TeamViewer was offline yesterday. This is bad; that's why I close TV when I don't need it.



I turn TeamViewer access to disabled... it stays disabled when it updates too... I just checked :)

But it always changes services to automatic / started, and I always change it to manual with every update... after I notice it. Works fine for me to access other computers, which mostly are quick support types.



My TeamViewer is fine. I don't recommend you have TeamViewer load on startup and giving it full control of the Windows login.



Quote

 

Yet, we've heard from people who have used passwords unique to TeamViewer, who have enabled two-factor authentication, and have found no malware on their computers, losing control of their systems in the past few days via TeamViewer. It's possible the DNS cockup was part of an elaborate plan by cyber-fiends to intercept people's logins and swipe their passwords, but the company is adamant there was no security breach.

 

 

Well, somebody's not telling the truth!



  • Administrator
2 minutes ago, vibranium said:

Well, somebody's not telling the truth!

 

Too many user reports confirming this to count as users doing so.



  • Administrator
1 hour ago, steven36 said:

Another app I never used, and got along just fine without it ... :)

 

You would be surprised how many people get helped on their computers and computer problems with this software here. :P



1 minute ago, DKT27 said:

 

You would be surprised how many people get helped on their computers and computer problems with this software here. :P

I know tons use it, but I never needed it. I've been troubleshooting PCs for 15 years, and I don't trust people I don't know in real life to access my PC. Like right now I'm on Linux; I doubt many Windows users even know how to troubleshoot it. I learned how by just reading up on things. I have the gift of comprehension; what I don't have is the gift of patience with other people. I keep the port that this app uses blocked. :)



  • Administrator
3 minutes ago, steven36 said:

I know tons use it, but I never needed it. I've been troubleshooting PCs for 15 years, and I don't trust people I don't know in real life to access my PC. Like right now I'm on Linux; I doubt many Windows users even know how to troubleshoot it. I learned how by just reading up on things. I have the gift of comprehension; what I don't have is the gift of patience with other people. I keep the port that this app uses blocked. :)

 

I see. Still, with this software, if you are helping the other person, he/she does not have any access to your PC, but you do to theirs, though.



21 minutes ago, DKT27 said:

 

I see. Still, with this software, if you are helping the other person, he/she does not have any access to your PC, but you do to theirs, though.

I have friends who use it sometimes; I don't have time to do this. The golden rule: don't install software you don't use. The less software you have, the less chance you have of being hacked. With everything you install, there's more of a chance of something getting through. Some software never has security fixes in its changelog at all; it makes you wonder, and this says there's bad trouble in the industry.

 

TeamViewer denies this is even really happening, from what I read about it yesterday. They don't even sound like a company you could really trust, but since there's not much software like this, if you need it you don't have much choice, do you? :P



Heads up, TeamViewer users. There's trouble in the air, and it's not quite clear where it's coming from. The software is making inroads into remote banking automation, though not in the form one would expect. Many users are reporting that their TeamViewer-enabled computers were broken into by unknown attackers, who proceeded to clean out PayPal accounts, order gift cards and items from online stores, and perform other equally helpful operations. The company has issued a statement indicating there was no security breach on its servers, and attributes the break-ins to poor password choices and a piece of Windows malware currently in the wild.

 

The TeamViewer software offers cross-platform remote control functionality. While the most common method for using it is on a single machine with a randomly-generated username and password, the service also allows users to have a site account to keep a collection of computers and optionally log into them directly. The company may have a point about weak passwords. The recently-reported LinkedIn and Tumblr breaches have potentially exposed over 100 million passwords, and it's a well-known fact that many users can't be bothered to pick a more imaginative password than "firstnameyearofbirth."

There's a fly in TeamViewer's ointment, though. Some users that reported break-ins had the service's two-factor authentication enabled, which should have prevented unauthorized access even if the attacker was holding the correct credentials. That would leave the Windows malware as the only avenue for exploitation. The company's servers were down for about three hours, too, although the relevance of that fact is open to interpretation.

 

TeamViewer says a DDoS attack was targeting its DNS servers, although predictably, many users aren't convinced. A few of them actually caught the miscreants in the act, too. TR gerbil "HorseIicious" told us his tale of woe, mercifully to the tune of "only" $175. The company is recommending that users contact law enforcement agencies about the break-ins.

 

Source Link :

http://techreport.com/news/30233/teamviewer-users-having-bank-and-store-accounts-remotely-controlled

 

 



Archived

This topic is now archived and is closed to further replies.
