Several reports indicate that unknown third parties are taking control of PCs and emptying the owners' bank accounts through services like PayPal or eBay. TeamViewer is remote desktop software that lets users share screens and allow remote access from anywhere in the world.

TeamViewer’s website went offline until around 1:00 PM. A tweet from the company stated they were “experiencing issues in parts of [the] network,” while the separate TeamViewer Support account stated that “we have no security breach.” TeamViewer also claims that there is no hack or data breach, and that any account hijackings stem from reuse of passwords compromised in the recently disclosed LinkedIn, Tumblr and MySpace breaches.

No further contact regarding a hack or data breach has been made, but users are tweeting and posting on forums about their own experiences. “I believe I got hacked Saturday morning through TeamViewer,” wrote Reddit user Morblius. “They accessed my PayPal and transferred $3,000 from my PayPal account to theirs.”
“I think they got past 2fa,” wrote bobsagetfullhouse, referring to two-factor authentication. “I see a connection to my PC around 2:30 a.m. last night. Good thing I have a strong Windows password.”

“I went to look at my active login sessions and there was a session 2 days ago from China,” wrote smjiko. “My computer has been away in repairs for the last 5 days but TeamViewer has been running while they were attempting to repair the PC.”

None of the Reddit accounts could be independently verified. The unauthorized access reports started showing up on Reddit around the same time that the company suffered possible DNS issues that triggered an outage lasting for several hours.

The malicious activity varies, but the most common is logging into PayPal and banking accounts or installing ransomware. Even people who used unique passwords for every account have been affected, as the hackers have managed to access ChromePass to steal all the victims’ passwords.
In a blog posting dated May 23, the German company said that any reports of account hijackings stem from “careless use, not a potential security breach on TeamViewer’s side.”

“TeamViewer is safe to use, because TeamViewer has proper security measures in place including end-to-end encryption to prevent man-in-the-middle attacks, anti-brute-force means, and more,” the blog posting added. “Unfortunately, users are still using the same password across multiple user accounts with various suppliers.”

However, the TeamViewer team has now issued an updated statement on the outage and unauthorized connections that reads:

“TeamViewer experienced a service outage on Wednesday, June 1, 2016. The outage was caused by a denial-of-service attack (DoS) aimed at the TeamViewer DNS-Server infrastructure. TeamViewer immediately responded to fix the issue to bring all services back up.

“Some online media outlets falsely linked the incident with past claims by users that their accounts have been hacked and theories about would-be security breaches at TeamViewer. We have no evidence that these issues are related.”

The statement also indirectly warned users to avoid downloading TeamViewer software from free-software repositories, which often pack installers with unwanted programs.

“Users should avoid all affiliate or adware bundles: While users may think they are just downloading a harmless program, the software could in fact install something else,” the statement said. “Users ought to download TeamViewer only through the official TeamViewer channels such as the TeamViewer website https://www.teamviewer.com.”