The breach of TeamViewer was initially reported yesterday afternoon after several reports of breaches were starting to appear online. Although it remains unclear as to how this breach has taken place in the first place, there is growing concern regarding the company’s DNS servers being hijacked. As a result, users may have been connecting to a fake TeamViewer server, where they entered their credentials.
TeamViewer themselves seems to be putting the blame on their users, for reusing the same password across multiple platforms. This is a very weak excuse, and has no validity whatsoever, considering users with 2FA and unique passwords are affected as well. By the look of things, the company does not want to take any responsibility regarding this issue, which will cause a lot of negative press.
To make matters even worse, several TeamViewer users have reported how they lost money as a result of this attack. PayPal accounts have been drained, causing thousands of US Dollars to be stolen all over the world. The company is blaming this on the users as well, albeit there is very little someone can do about it when the remote desktop service they use is compromised.
But there is more, as various news sources have been reporting on the TeamViewer hack in the past 24 hours. Some of them were contacted by the company to censor the content and change the general tone of their articles. Failure to do so would result in legal action being taken by the company. Once again, not a good business practice by such a prominent company, albeit they are clearly more concerned about covering their behinds rather than helping customers at this point.
Twitter logs from TeamViewer Support seem to indicate the company is denying all claims of a security breach so far. They do acknowledge the service is experiencing issues, though, but that is about as far as they will go. Sticking one’s head in the sand like an ostrich will not make these problems go away, and technology companies should know better than this.
Teamviewer users need to ensure their account was not accessed by a third party in the past few days. A helpful guide was posted on Reddit to help people go through their logs for any suspicious activity. It is not unlikely that affected systems were subject to a browser password sniffer as well, which would explain the PayPal account draining.
Affected users are advised to look for alternative solutions, as it is unclear whether or not TeamViewer is still compromised right now. There are plenty of alternatives out there, either free or paid, which offer the same type of functionality. This story will continue to unfold over the next few days, and we will keep an eye out for future updates.