Numerous users of TeamViewer, a popular remote access and meeting software, have reported their computers were remotely hijacked and PayPal and eBay accounts subsequently drained.
Additionally, many users shared on Reddit that they actually witnessed the takeover. Other intruder activities that were observed included installing software and malware, making rouge purchases online and entering online accounts using auto-filled password keychains.
Many of these reports occurred while TeamViewer’s systems were experiencing technical difficulties and fell offline. TeamViewer later claimed these difficulties were related to a non-DDoS attack.
TeamViewer reached out to their users via Twitter on June 7:
TeamViewer denies it has been hacked. Instead, they blame users’ poor privacy habits, stating many are likely reusing password across multiple platforms. However, users fiercely dispute their claims — stating they’ve never reused passwords and even that their TeamViewer PINs were utilized in the takeover.
It is still unclear exactly how this widespread security incident occurred. But with more than 1 billion user IDs, the TeamViewer hack has the potential to be quite widespread.
What should you do?
Despite the ambiguity regarding the TeamViewer hack, it is wise to take precautionary measures as quickly as possible to reduce the risk of exposure.
- Uninstall or secure TeamViewer
Make the decision to delete or secure your TeamViewer account. If you keep your account, change your password, enable two-factor authentication and set your TeamViewer to automatically lock itself when you log off your device. Change your password and authentication under “edit profile.” You’re your device under Options, Advanced, and setting “Lock Remote Computer” to “Always.”
- Check logs for malware
Your computer’s logs will divulge if software was remotely installed on your device. One reported install was of WebBrowserPassView which will show and export all of the login credential saved to your browser. Do a search for “webbrowserpassview.exe” in your logs; if present, you will need to change stored passwords. You can find your logs here:
- C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.txt
- C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile_OLD.txt
- Make new, strong passwords
When changing your TeamViewer and associated passwords, keep them at least eight characters long, include a complex mix of letters, numbers and symbols and never reused passwords across multiple accounts.
- Review TeamViewer login activity
To see if someone has accessed your account, log into TeamViewer, click on your username, select edit profile and go to “Active Logins” for a list of active sessions by location. Many reports cite unauthorized logins from China.
- Installed and maintain anti-virus software
Run and install anti-virus software on your device. Perform updates as soon as they become available, as many allow the software to detect newly-created bugs. If your device is already infected with malware, take the following steps to remove it from your device.
Guide: 10 Steps to Take When You Discover Malware on Your Computer.
Fighting Identity Crimes will keep you updated as new information becomes available about the potential TeamViewer hack. Be sure to subscribe to our blog to stay up to date with the latest identity theft and fraud news.
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.