Since more than a month, users are facing issues with the TeamViewer remote login service software. Many have taken to the internet to report their complaints that their computers are being hacked by online attackers who somehow gained access to their TeamViewer account to swipe their PC for data. In a few cases, some have even managed to drain out the user’s PayPal accounts and bank accounts. At present, no one knows how the hacker is gaining access to accounts and only TeamViewer knows how many accounts were breached.
There seems to be a possible breach at the TeamViewer servers. The hacker has details of the user and can get into the PC which uses TeamViewer service running in the background. Reported earlier, a user was in the middle of a gaming session and he suddenly lost control of the mouse and keyboard. To his surprise, he found the TeamViewer service pop-up from the right-bottom corner, near the clock, informing him that a TeamViewer session was in action.
As for the hacking reasons—TeamViewer put forth a press release that the breaches are because the user has not given their software a strong password.
In an open letter to all users, TeamViewer said:
Dear TeamViewer Users,
Protecting your personal data is at the very core of everything we do.
We highly appreciate the trust you place in us and respect the responsibility we have to ensure your privacy. This is why we always feel a strong need to take all necessary steps to safeguard your data.
As you have probably heard, there have been unprecedented large scale data thefts on popular social media platforms and other web service providers. Unfortunately, credentials stolen in these external breaches have been used to access TeamViewer accounts, as well as other services.
We are appalled by the behaviour of cyber criminals, and are disgusted by their actions towards TeamViewer users. They have taken advantage of common use of the same account information across multiple services to cause damage.
At this point we want to underscore that TeamViewer account authentication uses the Secure Remote Password protocol (SRP) and therefore does not store any password-equivalent data.
To do our utmost to help you - our users - and to further strengthen the protection of your data against these hijacks of cyber criminals, we are globally rolling out improved security measures today in a two-fold approach:
Trusted Devices
- With the first measure, we give you even more protection and help to prevent anyone else from accessing your account.
- The Trusted Devices feature ensures that whenever your existing TeamViewer account attempts to sign in on any given device for the first time, we will ask you to confirm the new device as trusted before signing in.
- An in-app notification will ask you to approve the device via a link that we will send to your account email address.
Protecting Your Data Integrity
- The second measure is designed to improve your security against individuals, such as cyber criminals, who steal account credentials and cause damage by taking advantage of the common use of the same account information across multiple services.
- The system determines continuously if your TeamViewer account shows unusual behavior (e.g. access from a new location) that might suggest it has been compromised. To safeguard your data integrity, your TeamViewer account will be marked for an enforced password reset.
- In this case, you will receive an email from us with instructions to reset your password.
NOTE: Because of the global rollout of the two new features users may experience minor inconveniences.
We strongly recommend
We are determined to continue extending our security measures for you. We do not take your trust lightly, nor do we accept any compromise on data security. Please take the following recommendations to heart:
- Protect any user account you own - whether it is with TeamViewer or any another service – by using unique and secure passwords that are frequently changed.
- Ensure you have reliable anti-malware and security solutions in place at all times.
- Enable two-factor authentication whenever possible, such as with TeamViewer.
