Has TeamViewer been hacked? Should you change your password?

Remote access tools for Windows are very popular these days, both with genuine users and with crooks.

Windows Remote Assistance, for example, allows other people to connect to your computer and see what’s on the screen while you’re working in order to help you along:

When you’re having a computer problem, you might want to get help from someone else. You can use Windows Remote Assistance to invite someone to connect to your computer and assist you, even if that person isn’t nearby. Make sure you only ask someone that you trust, because the other person will temporarily have access to your files and personal information.

It’s as though the other person’s screen, keyboard and mouse were plugged in, via enormously long cables, to your computer.

In fact, they might as well be sitting at your desk, in your office, using your computer directly.

Fake technical support scammers – the criminals who call you up at home and lie to you that you have a virus that needs cleaning – love remote access tools.

Ironically, those guys don’t usually use their remote access to steal your data or implant real viruses (although they could, might, and occasionally do), not least because they know you’re watching along while they “support” you.

For them, remote access merely serves to make it look as though they’re actually doing something to justify the substantial fee they’ll charge you when the “problem” has been “fixed.”

But if crooks figure out your password and use it while you aren’t around, remote access software can be a different sort of gold mine.

They could steal your files and sell the data on the underground; raid your PayPal account to buy “gifts”; buy products on Amazon; read your email; post to your social media accounts; feed false information to your business contacts; and much more.

Worse still, they wouldn’t need any Unix-style command line skills or hacking expertise: they could do it all with the keyboard and mouse, just like they would at home.

The TeamViewer brouhaha

In the last couple of weeks, claims have erupted on Reddit saying that a gang of crooks are doing just that.

These unknown crooks, apparently, are making unauthorised connections to users of TeamViewer and ripping them off.

(TeamViewer, based out of Germany, is one of a number of popular remote access services on the market these days.)

In fact, these claims have developed into accusations that the breaches are best explained by a hack at TeamViewer itself that has given the crooks some sort of backdoor into customers’ computers.

TeamViewer isn’t impressed by this explanation, and has reacted with a strongly-worded press release:

[T]he source of the problem, according to our research, is careless use, not a potential security breach on TeamViewer’s side.

TeamViewer’s advice for avoiding “careless use” of its service includes:

  • Use a different password for each account.
  • Don’t tell other people your passwords.
  • Use two factor authentication.
  • Use a password manager.

Who’s right?

A recently-created thread on Reddit with the title TeamViewer Breach Masterthread is trying to collect some evidence.

The thread encourages users to report if they think they’ve been hacked recently, and to answer questions including:

  • Do you have a TeamViewer Account?
  • Was two-factor authentication enabled?
  • Is your TeamViewer password the same as any other password?

Of course, the fact that someone had a TeamView account and got hacked says nothing about whether the TeamViewer account had anything to do with the intrusion…

…but the results are interesting nevertheless.

At the time of writing [2016-06-03T23:00Z], just under 80 people had responded.

Of those, 53 said they’d been hacked somehow.

But just one of them had two-factor authentication enabled on TeamViewer, and 37 admitted they’d used their TeamViewer password on other accounts.

As far as we can see, that evidence doesn’t point any fingers at TeamViewer.

What to do?

Most remote access tools, including TeamViewer, can be configured so that they will pop up and ask for your approval before allowing a connection.

That’s a simple and effective way to prevent crooks from wandering in while you aren’t there.

(No video? Watch on YouTube. No audio? Click on the [CC] icon for subtitles.)

Learn more about 2FA

(Audio player above not working? Download MP3 or listen on Soundcloud.)