
TeamViewer compromised, reports of money lost via PayPal and possibly other sources

Syntaxvgm

Many people so far on reddit have reported being hacked via TeamViewer. Some caught it in action, seeing their mouse move and unplugging their mouse/Ethernet, lol; others, not so lucky, ended up with unauthorized transactions in their PayPal account. 

Some believe there has been a breach of TeamViewer's servers; others think it may be malware related, or even password reuse: other sites were compromised and they attempted to log into TeamViewer with those credentials. 

So far, Teamviewer is not acknowledging any breach, just network issues. 

https://twitter.com/TeamViewer

If you have teamviewer installed, I urge you to remove it, and investigate if you've been compromised. 

Seriously, that's why I'm posting this, I did not see this topic here. 

Head over to the TeamViewer sub for more information, including checking your connection logs. 

https://www.reddit.com/r/teamviewer/

Just a few links of people claiming to be hacked; there are MANY more, not just on reddit. 

https://www.reddit.com/r/teamviewer/comments/4m56gu/my_teamviewer_was_hacked_gift_cards_were/

https://www.reddit.com/r/teamviewer/comments/4m5r3p/got_hacked_caught_them_in_the_act_heres_what_i/

https://www.reddit.com/r/teamviewer/comments/4m3cbp/so_i_was_one_of_them/

https://www.reddit.com/r/teamviewer/comments/4l4oq3/tv_hacked_with_2_factor_enabled_and_password/

https://www.reddit.com/r/teamviewer/comments/4ktn46/wifes_machine_hit_through_tv_1000_in_amazon_gift/

muh specs 

Gaming and HTPC (reparations)- ASUS 1080, MSI X99A SLI Plus, 5820k- 4.5GHz @ 1.25v, asetek based 360mm AIO, RM 1000x, 16GB memory, 750D with front USB 2.0 replaced with 3.0  ports, 2 250GB 850 EVOs in Raid 0 (why not, only has games on it), some hard drives

Screens- Acer preditor XB241H (1080p, 144Hz Gsync), LG 1080p ultrawide, (all mounted) directly wired to TV in other room

Stuff- k70 with reds, steel series rival, g13, full desk covering mouse mat

All parts black

Workstation(desk)- 3770k, 970 reference, 16GB of some crucial memory, a motherboard of some kind I don't remember, Micomsoft SC-512N1-L/DVI, CM Storm Trooper (It's got a handle, can you handle that?), 240mm Asetek based AIO, Crucial M550 256GB (upgrade soon), some hard drives, disc drives, and hot swap bays

Screens- 3  ASUS VN248H-P IPS 1080p screens mounted on a stand, some old tv on the wall above it. 

Stuff- Epicgear defiant (solderless swappable switches), g600, moutned mic and other stuff. 

Laptop docking area- 2 1440p korean monitors mounted, one AHVA matte, one samsung PLS gloss (very annoying, yes). Trashy Razer blackwidow chroma...I mean like the J key doesn't click anymore. I got a model M i use on it to, but its time for a new keyboard. Some edgy Utechsmart mouse similar to g600. Hooked to laptop dock for both of my dell precision laptops. (not only docking area)

Shelf- i7-2600 non-k (has vt-d), 380t, some ASUS sandy itx board, intel quad nic. Currently hosts shared files, setting up as pfsense box in VM. Also acts as spare gaming PC with a 580 or whatever someone brings. Hooked into laptop dock area via usb switch

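The post above tells people to check their connection logs. The script below is an added example of how to do that mechanically; it is not part of the original post and not a TeamViewer tool. It assumes the tab-separated layout of TeamViewer's Connections_incoming.txt (typically under the TeamViewer program folder on Windows): remote TeamViewer ID, display name, start time, end time, local user, connection type, connection GUID, with dd-mm-yyyy timestamps. The log lines and the allowlist of "my own" IDs are constructed for the example.

```python
"""Flag remote sessions in a TeamViewer incoming-connection log that did not
come from one of your own TeamViewer IDs."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Set

# Constructed sample, not a real capture. Column layout assumed to mirror
# Connections_incoming.txt: ID, display name, start, end, local user,
# connection type, connection GUID. The fourth line is deliberately malformed
# and the last one is a session that is still open (empty end time).
SAMPLE_LOG = "\n".join([
    "123456789\tMy Laptop\t28-05-2016 21:03:11\t28-05-2016 21:40:02\tsyntax\tRemoteControl\t{0a1b2c3d-0000-0000-0000-000000000001}",
    "987654321\tWork Desktop\t30-05-2016 09:12:45\t30-05-2016 09:15:30\tsyntax\tFileTransfer\t{0a1b2c3d-0000-0000-0000-000000000002}",
    "555000111\tcarlos\t01-06-2016 03:27:08\t01-06-2016 03:58:41\tsyntax\tRemoteControl\t{0a1b2c3d-0000-0000-0000-000000000003}",
    "this line is malformed",
    "123456789\tMy Laptop\t01-06-2016 19:00:00\t\tsyntax\tRemoteControl\t{0a1b2c3d-0000-0000-0000-000000000004}",
])

# Hypothetical allowlist: the TeamViewer IDs of the machines you connect from.
KNOWN_IDS: Set[str] = {"123456789", "987654321"}

TS_FORMAT = "%d-%m-%Y %H:%M:%S"   # assumed timestamp format of the log


@dataclass
class Session:
    remote_id: str
    display_name: str
    start: datetime
    end: Optional[datetime]        # None while the session is still open
    local_user: str
    kind: str
    connection_id: str

    @property
    def duration(self) -> Optional[timedelta]:
        return None if self.end is None else self.end - self.start


def parse_log(text: str) -> List[Session]:
    """Parse the log, skipping lines that do not have the expected seven
    columns or parseable timestamps instead of aborting the investigation."""
    sessions: List[Session] = []
    for raw in text.splitlines():
        fields = raw.rstrip("\r").split("\t")
        if len(fields) != 7:
            continue
        remote_id, name, start, end, user, kind, conn_id = fields
        try:
            start_dt = datetime.strptime(start, TS_FORMAT)
            end_dt = datetime.strptime(end, TS_FORMAT) if end else None
        except ValueError:
            continue
        sessions.append(Session(remote_id, name, start_dt, end_dt, user, kind, conn_id))
    return sessions


def suspicious_sessions(sessions: List[Session], known_ids: Set[str]) -> List[Session]:
    """Sessions whose remote ID is not on the allowlist, oldest first."""
    return sorted((s for s in sessions if s.remote_id not in known_ids),
                  key=lambda s: s.start)


def report(sessions: List[Session], known_ids: Set[str]) -> List[str]:
    """One human-readable line per unknown session."""
    lines = []
    for s in suspicious_sessions(sessions, known_ids):
        dur = ("still open" if s.duration is None
               else f"{int(s.duration.total_seconds() // 60)} min")
        lines.append(f"UNKNOWN ID {s.remote_id} ({s.display_name!r}) {s.kind} "
                     f"at {s.start:%Y-%m-%d %H:%M} as {s.local_user}, {dur}")
    return lines


if __name__ == "__main__":
    for line in report(parse_log(SAMPLE_LOG), KNOWN_IDS):
        print(line)
```

Anything the script flags is a session from an ID you do not recognise; the display name is whatever the remote side chose, so do not trust it, and the local user column tells you which Windows account the attacker was driving. Sessions with an empty end time were still open when the log was written.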

7 minutes ago, Hans Christian | Teri said:

Honestly, running an RDS connection 24/7 on your home PC isn't too wise... :|

While I do agree that you shouldn't run remote desktop servers on a home PC 24/7 unless you absolutely have to and you know what you're doing, I'm not familiar enough with TeamViewer to discuss it in particular. But I've been running SSH and RealVNC Enterprise for externally connecting to my home network for years without any problems, ever. 

The main difference is that I follow (not perfect, but) much stricter security practices than most people. I use SSH in most situations, with RealVNC limited to the local network. When necessary, I can SSH in with X11 forwarding to pass a RealVNC session window. But I can also SSH in and open up access to RealVNC directly over the internet if necessary. I always use 4k keys for SSH, a 40+ character password for RealVNC, and change them frequently. 

While this may be an issue directly related to how TeamViewer works, or some flaw in their program, I think the bigger issue is how lax most people are with their own security practices.


9 minutes ago, Apathetik said:

While I do agree that you shouldn't run remote desktop servers on a home PC 24/7 unless you absolutely have to and you know what you're doing, I'm not familiar enough with TeamViewer to discuss it in particular. But I've been running SSH and RealVNC Enterprise for externally connecting to my home network for years without any problems, ever. 

The main difference is that I follow (not perfect, but) much stricter security practices than most people. I use SSH in most situations, with RealVNC limited to the local network. When necessary, I can SSH in with X11 forwarding to pass a RealVNC session window. But I can also SSH in and open up access to RealVNC directly over the internet if necessary. I always use 4k keys for SSH, a 40+ character password for RealVNC, and change them frequently. 

While this may be an issue directly related to how TeamViewer works, or some flaw in their program, I think the bigger issue is how lax most people are with their own security practices.

See, that is exactly what you should be doing. Way to go sir!


Actually, they have responded with a full statement on their website saying people are essentially reusing old or insecure passwords:

 

http://www.teamviewer.com/en/company/press/statement-on-service-outage/?utm_source=Twitter&utm_medium=social%20&utm_content=statementserviceoutage&utm_campaign=Social

System/Server Administrator - Networking - Storage - Virtualization - Scripting - Applications


1 hour ago, Syntaxvgm said:

Many people so far on reddit have reported being hacked via TeamViewer. Some caught it in action, seeing their mouse move and unplugging their mouse; others, not so lucky, ended up with unauthorized transactions in their PayPal account. 

That's why I don't keep any important passwords saved in a browser or anywhere else on my PC. Old pen and paper, always safe :)

Connection200mbps / 12mbps 5Ghz wifi

My baby: CPU - i7-4790, MB - Z97-A, RAM - Corsair Veng. LP 16gb, GPU - MSI GTX 1060, PSU - CXM 600, Storage - Evo 840 120gb, MX100 256gb, WD Blue 1TB, Cooler - Hyper Evo 212, Case - Corsair Carbide 200R, Monitor - Benq  XL2430T 144Hz, Mouse - FinalMouse, Keyboard -K70 RGB, OS - Win 10, Audio - DT990 Pro, Phone - iPhone SE


2 hours ago, Syntaxvgm said:

If you have teamviewer installed, I urge you to remove it, and investigate if you've been compromised. 

That's bullshit.

They can't open the program and connect to your computer just because you have TeamViewer installed, lol.

If you are silly enough to have it running all the time with some remote connection, then don't do that.

Not really sure how, but they got my email and sent me a "contact request":

Quote

rrsd@ziggo.nl would like to add you as a contact in his/her TeamViewer contacts list.

To accept rrsd@ziggo.nl as a contact please click the following link.
https://login.teamviewer.com/accountnotification.aspx?lng=en&token=(removed)

As long as you don't leave the door open, you are fine.


27 minutes ago, Thony said:

That's why I don't keep any important passwords saved in a browser or anywhere else on my PC. Old pen and paper, always safe :)

That is impossible. I've gathered so many of them that I would need a catalogue full of them, and searching for anything in there would take forever. Best is to keep it in a document locked in an encrypted archive, and without Google's password memory I would have to use the same account and password for everything, else I wouldn't remember them.


1 hour ago, Hans Christian | Teri said:

See, that is exactly what you should be doing. Way to go sir!

Oh, telling people to remove the program that may be compromised is bullshit? Especially when TV is flat out denying this is happening? Fact is we don't know 100% what caused this, and I only said that because A LOT of people set up unattended access and have it start with Windows so they can access their computer any time away from home. It sounds stupid, but a lot of people do that, believe me. You're right, it's smarter to not have it open when you are not using it, but that's not how a lot of people use it. In fact, I think setting up unattended access is part of the installation prompts. 
I think what you are missing here is that the reason people use TeamViewer is it's very easy to set up for those that aren't necessarily power users, and simply telling them to remove it is a pretty safe bet until this is figured out. 


34 minutes ago, Syntaxvgm said:

simply telling them to remove it is a pretty safe bet until this is figured out. 

It's already been figured out. It's just people reusing passwords and using insecure passwords. 

Smile and wave boys, smile and wave...
 

Foxy(Main Rig): CPU: i7 4790k GPU: 2x Reference GTX 980's RAM: HyperX 4x4GB 

PSU: Corsair CX 750W Mobo: ASUS Z97-A Pro Case: Bitfenix Shinobi (Black & Gold)


31 minutes ago, M4st4M1nd said:

It's already been figured out. It's just people reusing passwords and using insecure passwords. 

That's a theory, but a likely one. 


Thanks for the heads up.

CPU : i5 4670k @ 4.2Ghz | Cooler : NH-D14 | GPU : Sapphire Radeon HD 7870 [OC] | MB : Asus Z87-Pro | RAM : A-DATA 8GB 1600Mhz CL9 XPG Black | SSD : 850Evo 250GB

How exactly did people think unplugging their mouse would stop an attacker who has a remote connection from controlling the cursor?

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


6 minutes ago, Ryan_Vickers said:

How exactly did people think unplugging their mouse would stop an attacker who has a remote connection from controlling the cursor?

My exact first thought too; if you're going to unplug anything, it should be the power, not the mouse. 

I have RDC running on my fileserver 24/7 and have never had any issues. I use a really obscure username which is the only account that has access (the admin account is using a stupid passphrase no one will ever brute-force; heck, I can't even remember it) and a secure passphrase. If you're gonna allow anything full inbound and outbound Internet access, then you'd better go out of your way to ensure it's secure. 

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)


So... up until I heard of this I was still running TeamViewer off a hideously old password of mine. I checked my home server, and nothing. I've actually dug through my (ridiculously long) logs and there's nothing but my main desktop and my laptop there.

Needless to say, I decided to swap to a new password just in case. (FYI, the password I used on TeamViewer was older than the one that was compromised on this forum with the big man-in-the-middle attack.)

Do as I say, not as I do: if you're gonna give people a direct link to your device, MAKE DANG FRIKKIN SURE IT'S PASSWORDED GOOD.


This is only if you've made an account, right?

If you just use the ID and random password assigned per TV launch, then you're fine? 


7 hours ago, M4st4M1nd said:

Its already been figured out. Its just people reusing passwords and using insecure passwords. 

If that is true, this isn't a hack.  It's just people with bad passwords falling victim to said passwords, which could (and has) happened on every other website in existence.


This may sound stupid, but I want to ask anyway,

I use TeamViewer, but I haven't had the application running for the past week or so. Does that mean I'm safe, since there was no client to connect to?

Also, TeamViewer responded: http://www.teamviewer.com/en/company/press/statement-on-service-outage/?utm_source=Twitter&utm_medium=social%20&utm_content=statementserviceoutage&utm_campaign=Social

Ryze of the Phoenix: 
CPU:      AMD Ryzen 5 3600 @ 4.15GHz
Ram:      64GB Corsair Vengeance LPX DDR4 @ 3200Mhz (Samsung B-Die & Nanya Technology)
GPU:      MSI RTX 3060 12GB Aero ITX
Storage: Crucial P3 1TB NVMe Gen 4 SSD, 1TB Crucial MX500, Spinning Rust (7TB Internal, 16TB External - All in-use),
PSU:      Cooler Master MWE Gold 750w V2 PSU (Thanks LTT PSU Tier List)
Cooler:   BeQuite! Prue Rock 2 Black Edition
Case:     ThermalTake Versa J22 TG

Passmark 10 Score: 6096.4         CPU-z Score: 4189 MT         Unigine Valley (DX11 @1080p Ultra): 5145         CryEngine Neon Noir (1080p Ultra): 9579

Audio Setup:                  Scarlett 2i2, AudioTechnica AT2020 XLR, Mackie CR3 Monitors, Sennheiser HD559 headphones, HyperX Cloud II Headset, KZ ES4 IEM (Cyan)

Laptop:                            MacBook Pro 2017 (Intel i5 7360U, 8GB DDR3, 128GB SSD, 2x Thunderbolt 3 Ports - No Touch Bar) Catalina & Boot Camp Win10 Pro

Primary Phone:               Xiaomi Mi 11T Pro 5G 256GB (Snapdragon 888)


I would remove it, but it is the only one that lets me transfer files from my desktop to my laptop while I am at school. Port 21 is blocked unless you're on a school computer, and I usually grab files I need from my desktop all the time while in class. Only two computers have the account set up: one has been off since January, and on the other TeamViewer has been closed since I installed it (classes had ended for the term). So I have to stick with TeamViewer unless anyone has a good FREE Windows and Linux alternative with file sharing.


4 minutes ago, flowalex said:

I would remove it, but it is the only one that lets me transfer files from my desktop to my laptop while I am at school. Port 21 is blocked unless you're on a school computer, and I usually grab files I need from my desktop all the time while in class. Only two computers have the account set up: one has been off since January, and on the other TeamViewer has been closed since I installed it (classes had ended for the term). So I have to stick with TeamViewer unless anyone has a good FREE Windows and Linux alternative with file sharing.

VNC and RDC both support file transfer. Heck, you could SSH in and transfer files that way; you can manually set a port for your SSH connection, then run PuTTY from a flash drive at school. 

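Apathetik's post earlier in the thread (keys for SSH, VNC kept off the internet and reached through SSH) and the reply above (SSH on a port the school lets through, PuTTY from a flash drive) describe the same setup. The script below is an added example of what that looks like in sshd_config, with the weak settings beside the hardened ones and a small audit that checks a config the way sshd reads it (first occurrence of a directive wins). It is not from either poster and not OpenSSH's own tooling; both config texts are constructed, the username and hostname are hypothetical, and the defaults table follows the sshd_config manual page.

```python
"""Audit an sshd_config for the settings that matter when the daemon is
reachable from the internet, and emit the client-side VNC-over-SSH tunnel."""
import re
from typing import Dict, List

# Constructed example configurations; neither is any poster's real config.
WEAK_SSHD_CONFIG = """\
# Stock-looking sshd_config exposed directly to the internet
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
"""

HARDENED_SSHD_CONFIG = """\
# sshd_config for a home box reached from a network that only passes 80/443.
# Port 443 is for reachability, not secrecy; the controls are the auth lines.
Port 443
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
AllowUsers apathetik
MaxAuthTries 3
LoginGraceTime 20
X11Forwarding yes
AllowTcpForwarding yes
"""

# sshd defaults for the directives checked below (from sshd_config(5)).
DEFAULTS = {
    "port": "22",
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "maxauthtries": "6",
}


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Effective global settings. Like sshd: the first occurrence of a
    directive wins, names are case-insensitive, '#' starts a comment, and
    both 'Key value' and 'Key=value' are accepted. Directives after a Match
    line are conditional, so parsing stops there (a simplification)."""
    settings = dict(DEFAULTS)
    seen = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^([^\s=]+)\s*=?\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        if key == "challengeresponseauthentication":   # pre-8.7 name of the same directive
            key = "kbdinteractiveauthentication"
        if key not in seen:
            seen.add(key)
            settings[key] = value
    return settings


def audit_sshd_config(text: str) -> List[str]:
    """List the settings that leave the daemon open to password guessing."""
    cfg = parse_sshd_config(text)
    findings = []
    if cfg["permitrootlogin"].lower() != "no":
        findings.append(f"PermitRootLogin {cfg['permitrootlogin']}: root is a remote login target")
    if cfg["passwordauthentication"].lower() != "no":
        findings.append("PasswordAuthentication yes: passwords can be guessed or reused")
    if cfg["kbdinteractiveauthentication"].lower() != "no":
        findings.append("KbdInteractiveAuthentication yes: PAM can still prompt for a password")
    if cfg["pubkeyauthentication"].lower() != "yes":
        findings.append("PubkeyAuthentication no: key-based login disabled")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups: every local account can be attacked")
    if int(cfg["maxauthtries"]) > 3:
        findings.append(f"MaxAuthTries {cfg['maxauthtries']}: many guesses per connection")
    return findings


def vnc_tunnel_command(host: str, user: str, ssh_port: int = 443,
                       local_port: int = 5901, vnc_port: int = 5900) -> str:
    """Client command that forwards a local port to the VNC server bound to
    localhost on the home box, so VNC itself never listens on the internet."""
    return f"ssh -p {ssh_port} -N -L {local_port}:127.0.0.1:{vnc_port} {user}@{host}"


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(f"{label}: {audit_sshd_config(cfg) or ['no findings']}")
    print(vnc_tunnel_command("home.example.org", "apathetik"))
```

With the tunnel up, the VNC viewer connects to 127.0.0.1:5901 on the laptop and the traffic rides inside SSH; the VNC server on the home box should bind only to localhost so the only way in is through the key-authenticated SSH session. Moving sshd to 443 gets past the school's port filter but is not itself a security control, which is why the audit does not score the port.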

RDC is blocked except on school computers (in the computing and digital media labs only); the only ports available are 80 and 443. And for VNC, the only ones I have found that support file transfer cost 30 USD per device; if there is one different from the one linked below, link it to me.

https://www.realvnc.com/products/vnc/ 


It may have actually been a hack. If their DNS was hijacked, they could probably then approve any connection they like, regardless of method. Some have reported being compromised even with two factor.


29 minutes ago, Vanderburg said:

It may have actually been a hack. If their DNS was hijacked, they could probably then approve any connection they like, regardless of method. Some have reported being compromised even with two factor.

Not without breaking the encryption first. I'm damn sure TV is using some form of encryption, right? 


12 hours ago, Ryan_Vickers said:

How exactly did people think unplugging their mouse would stop an attacker who has a remote connection from controlling the cursor?

Really? They did? That's funny. I noticed one said they unplugged their Ethernet, which is the correct thing to do. 

