I apologize, I am new to this forum and I haven't found a good response through searching.
We installed the free version of Teamviewer 10 on some of our work computers so that when the backups fail, the technician can make changes remotely. We rarely use it but it is often open. We are in a University which has a firewall.
On 10/15, and update came through. The logs clearly show that an update was being downloaded to the update folder, and the ip address of the communicating computer, when "Googled", identified with the parent company of Teamviewer. Apparently, I used the computer at this time and the update installation was aborted.
On 10/16, it appears as though another attempt was made to communicate with this computer, and was successful. After the initial contact was made, the teamview ID was "transferred" to another ID, and the client info is listed as "secret" and the server is listed as "secret". The specs of the computer were then listed and a new "contact" was made within Teamviewer. There is then a series of code talking about connectivity. At this same time stamp, the internet programs were launched and the history reveals that email accounts and paypal was accessed and passwords were attempted to be changed. A person at my work actually saw the cursor being moved and programs opening, but thought it was from the technician (it wasn't). The user ID then switched back to to the original user ID, and the session was terminated.
Question: Is this not uncommon? Does the company want to know about this? Could this be an "inside job" from the company, because it happened the day after an update was attempted so clearly, someone knew that our computer was online and accessible via that way. Are external people monitoring the update schedule? Lastly, is there information in the logs that say what the person did to the computer?