TeamViewer Hacked? It Certainly Looks Like It

Use Netsparker


So is TeamViewer Hacked? There’s no definitive answer for now as they aren’t admitting to anything – but it does look very suspicious. The whole service was down for a few hours, the domains were apparently pointing to Chinese IP addresses (DNS Hijacking?) and no-one could login.

TeamViewer Hacked? It Certainly Looks Like It

A whole bunch of users also turned up claiming their computers were hacked via TeamViewer with funds being stolen from PayPal bank accounts and all kinds of havoc being wreaked.

It’s not really looking good for TeamViewer right now, and whilst they are stating their DNS servers got DDoSed – which took them offline, they really aren’t saying anything more than that.

TeamViewer users say their computers were hijacked and bank accounts emptied all while the software company’s systems mysteriously fell offline. TeamViewer denies it has been hacked.

In the past 24 hours, we’ve seen a spike in complaints from people who say their PCs, Macs and servers were taken over via the widely used remote-control tool on their machines. Even users with strong passwords and two-factor authentication enabled on their TeamViewer accounts say they were hit.

It appears miscreants gained control of victims’ TeamViewer web accounts, and used those to connect into computers, where they seized web browsers to empty PayPal accounts, access webmail, and order stuff from Amazon and eBay.

“Hackers got everything from me,” Doug, an Idaho-based Twitch streamer who was looking forward to celebrating his birthday today with his wife and two kids, told The Register.

“They remote connected in at 5AM MT, went into my Chrome and used my PayPal to buy about $3k worth of gift cards. And yes, I had two-factor authentication.”

Over on Reddit, people were lining up with tales of their systems being compromised via TeamViewer, sparking fears the platform had been hacked. TeamViewer makes remote-control clients for Windows, OS X, Linux, Chrome OS, iOS and Android.


TeamViewer Hacked

It seems like the TeamViewer hacked talk came from the web service, which would be consistent with the platform being compromised – as the users with strong authentication details also suffered losses (strong passwords and 2FA alike).

TeamViewer is totally denying any kind of intrusion point blank and has stated multiple times there has been no breach, Teamviwer hacking is not an uncommon thing though.

Pouring further fuel on the fire that TeamViewer had been infiltrated by criminals, at about 0700 Pacific Time (1500 in the UK) today TeamViewer suffered an outage lasting at least three hours, which knocked its website offline and left people unable to connect to their computers remotely.

It’s claimed TeamViewer.com’s DNS was screwed up during the IT snafu, thus stopping people from getting through to the Germany-based company’s servers. We’ve heard that its DNS servers were pointing towards Chinese IP addresses at one point, but we haven’t been able to verify that.

After getting its systems back online, TeamViewer insisted that its security was not breached. In a statement bizarrely dated last week but referencing today’s events, the biz instead blamed “careless use” of passwords by its customers. People aren’t using strong enough credentials, or are reusing passwords from websites that have been hacked – such as LinkedIn and Tumblr, we’re told.

“Users are still using the same password across multiple user accounts with various suppliers. While many suppliers have proper security means in place, others are vulnerable,” the company said.

We will have to see over the next few days if TeamViewer suddenly has a change of heart and becomes a little more forthcoming about the details of an intrusion (if indeed there was one).

As usual, they are fingering users, with some vague statement about weak passwords or reused passwords from other breaches. You can check out more Hacking News here.

Source: The Register

Posted in: Hacking News


Latest Posts:


Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.


7 Responses to TeamViewer Hacked? It Certainly Looks Like It

  1. Kek June 3, 2016 at 7:11 am #

    Hah, you said they were fingering users.

    • Darknet June 3, 2016 at 3:56 pm #

      Glad to see that tickled you ;)

  2. Hakan June 3, 2016 at 7:43 pm #

    Alpemix is much more better

  3. AndyAdmin June 3, 2016 at 9:42 pm #

    These two statements contradict each other:

    “Even users with strong passwords and two-factor authentication enabled on their TeamViewer accounts say they were hit.

     

    It appears miscreants gained control of victims’ TeamViewer web accounts…”

     

    2-factor authentication would prevent login to TV web accounts (unless there was indeed a breach).

    • Darknet June 3, 2016 at 10:24 pm #

      Exactly why I’m saying it looks like a breach..

  4. Crates June 3, 2016 at 10:22 pm #

    DNSSEC and DDoS-protected NS servers (e.g. CloudFlare) exist for a reason.

    Shame on TV for not getting ahead of this, and shame for not owning up.

     

  5. Mike June 6, 2016 at 2:43 pm #

    Regarding Doug from Idaho who’s quoted in the article – OK, so somebody managed to remote control into your computer. But then how did they get into your Paypal account so easily?

    Did you re-use the same password?

    Or do you have the Paypal site set to remember your computer so that you don’t have to type in your Paypal password?

    Sorry Doug, perhaps it’s not your fault that the bad guys connected to your computer via TeamViewer, but you certainly were lax in your security practices regarding your Paypal account.