Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

TeamViewer Denies Breach After Users Get Hacked

Many users have complained that their computers were accessed by hackers via the popular remote access and support tool TeamViewer, but the company says its systems have not been breached.

Many users have complained that their computers were accessed by hackers via the popular remote access and support tool TeamViewer, but the company says its systems have not been breached.

Users reported on Reddit that their computers were remotely accessed through TeamViewer by unauthorized parties who attempted to steal money from their PayPal accounts and purchase various items on eBay and other websites. The attackers are accessing victims’ accounts through their web browser, which is often configured to remember credentials for commonly used online services.

Many assumed that TeamViewer was either hacked or someone identified a serious vulnerability in the application. However, the vendor has ruled out both these scenarios, saying that the attackers are most likely leveraging leaked passwords and counting on the fact that many people use the same password across multiple websites.

Password reuse could be the cause of these attacks. Hackers recently leaked hundreds of millions of credentials stolen a few years ago from LinkedIn and Myspace, which has led to a surge in account takeover attempts. Reddit reported last week that it had reset the passwords of 100,000 users over a two-week period after detecting unauthorized access.

“TeamViewer is safe to use, because TeamViewer has proper security measures in place including end-to-end encryption to prevent man-in-the-middle attacks, anti-brute-force means, and more,” TeamViewer said in a statement.

“Unfortunately, users are still using the same password across multiple user accounts with various suppliers. While many suppliers have proper security means in place, others are vulnerable. The latter ones tend to be targeted by professional data thieves,” the company added. “As TeamViewer is a widely spread software, many online criminals attempt to log in with the data gained from compromised accounts (obtained via the aforementioned vulnerable sources), in order to discover whether there is a corresponding TeamViewer account with the same credentials.”

Advertisement. Scroll to continue reading.

TeamViewer has advised users to set strong, unique passwords and enable two-factor authentication (2FA) on their accounts. However, a handful of users have reported getting hacked via TeamViewer even with 2FA enabled. On the other hand, some have confirmed that their passwords were exposed in the recent Myspace and LinkedIn leaks.

TeamViewer also experienced a service outage on Wednesday and some users assumed it might be somehow related to the attacks. However, in a statement sent to SecurityWeek, the company clarified that the outage was caused by a DDoS attack aimed at the company’s DNS servers and it has nothing to do with computers getting hacked.

It’s not uncommon for malicious actors to use TeamViewer in their operations. The remote access tool has been used over the past years by both APT actors in cyber espionage operations and profit-driven cybercriminals. Researchers reported last week that a backdoor has been abusing TeamViewer to load a malicious library on infected devices.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.

Endpoint Security

Several major companies have published advisories in response to the Downfall vulnerability affecting Intel CPUs.

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Endpoint Security

The Zero Day Dilemma

Endpoint Security

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own...