TeamViewer Hack: June 2016

What happened?

Numerous users of TeamViewer, a popular remote access and meeting software, have reported that their computers were remotely hijacked and their PayPal and eBay accounts subsequently drained.

Additionally, many users shared on Reddit that they actually witnessed the takeover. Other intruder activities that were observed included installing software and malware, making rogue purchases online and entering online accounts using auto-filled password keychains.

Many of these reports occurred while TeamViewer’s systems were experiencing technical difficulties and fell offline. TeamViewer later claimed these difficulties were related to a non-DDoS attack.

TeamViewer reached out to their users via Twitter on June 7:

[Image: TeamViewer tweet]

TeamViewer denies it has been hacked. Instead, it blames users’ poor privacy habits, stating that many are likely reusing passwords across multiple platforms. However, users fiercely dispute these claims, stating they’ve never reused passwords and even that their TeamViewer PINs were utilized in the takeover.

It is still unclear exactly how this widespread security incident occurred. But with more than 1 billion user IDs, the TeamViewer hack has the potential to be quite widespread.

What should you do?

Despite the ambiguity regarding the TeamViewer hack, it is wise to take precautionary measures as quickly as possible to reduce the risk of exposure.

  1. Uninstall or secure TeamViewer
    Make the decision to delete or secure your TeamViewer account. If you keep your account, change your password, enable two-factor authentication and set TeamViewer to automatically lock itself when you log off your device. Change your password and authentication under “edit profile.” Lock your device under Options, Advanced, by setting “Lock Remote Computer” to “Always.”
  2. Check logs for malware
    Your computer’s logs will divulge if software was remotely installed on your device. One reported install was of WebBrowserPassView, which will show and export all of the login credentials saved to your browser. Do a search for “webbrowserpassview.exe” in your logs; if present, you will need to change stored passwords. You can find your logs here:
  • C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.txt
  • C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile_OLD.txt
  3. Make new, strong passwords
    When changing your TeamViewer and associated passwords, keep them at least eight characters long, include a complex mix of letters, numbers and symbols and never reuse passwords across multiple accounts.
  4. Review TeamViewer login activity
    To see if someone has accessed your account, log into TeamViewer, click on your username, select edit profile and go to “Active Logins” for a list of active sessions by location. Many reports cite unauthorized logins from China.
  5. Install and maintain anti-virus software
    Install and run anti-virus software on your device. Perform updates as soon as they become available, as many allow the software to detect newly created bugs. If your device is already infected with malware, take the following steps to remove it from your device.

    Guide: 10 Steps to Take When You Discover Malware on Your Computer.
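
The log search from step 2, as an added example that is not part of the original article: a Python script that scans the two log files listed there for “webbrowserpassview.exe”, ignoring case and skipping files that do not exist. The function names, the constructed sample lines and the UTF-16 handling are assumptions.

```python
import sys
from pathlib import Path

# Log locations listed in the article (TeamViewer 11).
DEFAULT_LOGS = [
    r"C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.txt",
    r"C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile_OLD.txt",
]
INDICATORS = ["webbrowserpassview.exe"]  # tool named in the article

# Constructed sample lines for a dry run; not real TeamViewer log output.
SAMPLE = [
    "constructed line: session started",
    r"constructed line: C:\Users\example\WebBrowserPassView.exe written",
]

def scan_lines(lines, indicators=INDICATORS):
    """Return (line_number, indicator, text) for every case-insensitive match."""
    wanted = [i.lower() for i in indicators]
    hits = []
    for number, line in enumerate(lines, start=1):
        lowered = line.lower()
        hits += [(number, i, line.strip()) for i in wanted if i in lowered]
    return hits

def scan_file(path, indicators=INDICATORS):
    """Scan one log file; return None when it does not exist."""
    path = Path(path)
    if not path.is_file():
        return None
    data = path.read_bytes()
    # Assumption: the log may be UTF-16 (BOM present) or an 8-bit encoding.
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = data.decode("utf-16", errors="replace")
    else:
        text = data.decode("utf-8", errors="replace")
    return scan_lines(text.splitlines(), indicators)

if __name__ == "__main__":
    for log in sys.argv[1:] or DEFAULT_LOGS:
        hits = scan_file(log)
        if hits is None:
            print(f"{log}: not found")
        elif not hits:
            print(f"{log}: no indicator found")
        else:
            for number, indicator, text in hits:
                print(f"{log}:{number}: {indicator}: {text}")
```

Run it with no arguments to check the two default paths, or pass other log paths on the command line. Any hit means the stored browser passwords should be changed, as step 2 says.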