Teamviewer: Hacked or not?

Underscoring the danger of insecure network connections, hackers appear to be targeting TeamViewer - and the company is denying it. TeamViewer offers remote access and online meeting software. Used around the world, the company claims one billion installations, with more than 20 million devices connected at any moment. What if even a portion of those were hacked? And it appears they were. Media reports are mounting that TeamViewer customers are experiencing serious cyber invasions that may have begun in May 2016. While unverified, here are some key points about current activities related to TeamViewer:

  • Gaining access through TeamViewer, cybercriminals are taking remote control of computers in off hours.
  • Attacks include installing ransomware, and accessing and pilfering bank, PayPal, and Amazon accounts using lifted passwords.
  • TeamViewer users report returning to their computer to find a hacker has gained full access to their computer and accounts.
  • A Reddit forum reflects concerns about the hack, symptoms, and damage.

On May 23, 2016, TeamViewer posted to its website, suggesting “careless use,” not a potential security breach is “the cause of the reported issue.” Fast-forward just a week and the company was the target of a Distributed Denial of Service (DDoS) attack. On June 1, 2016, TeamViewer addressed the DDoS on its website, noting: “TeamViewer experienced a service outage on Wednesday, June 1, 2016. The outage was caused by a denial-of-service attack (DoS) aimed at the TeamViewer DNS-Server infrastructure. TeamViewer immediately responded to fix the issue to bring all services back up.” At present, TeamViewer is holding to its statement that the network was downed temporarily by a DDoS. In its June release, TeamViewer stated, “Some online media outlets falsely linked the incident with past claims by users that their accounts have been hacked and theories about would-be security breaches at TeamViewer. We have no evidence that these issues are related.” Remote invasions of systems However, TeamViewer users continue to report remote invasion of their systems despite the use of fresh passwords and two-factor authentication. The key service offered by TeamViewer to its users is secure remote access. Because its primary service is connecting global clients, illicit use of its services could be a highly profitable criminal endeavor. In mid-May, the contact information of more than 100 million LinkedIn users stolen in 2012 turned up for sale. By late May, Time Inc. confirmed cyber intrusion of MySpace accounts that could have exposed more than 300 million users. While it is possible that recent data breach activity associated with TeamViewer is related to the new availability of black market contact information, TeamViewer users with strengthened security are still reporting hijacked computers.