TeamViewer Forum
General Category => Teamviewer for Windows => Topic started by: spyoptix on April 20, 2016, 09:22:48 AM
-
I think my Teamviewer account was compromised. I was sitting at my PC and all of a sudden the active connection window pops up. I tried to change my password but the email I received came back in Chinese. Should I fill out the password reset or what? I will discontinue my use of teamviewer, but I'd like to know if my account was compromised.
This is a little unsettling.
-
Third or fourth reported case I've seen here in recent weeks....
Yes, change your password immediately.
Review your connection settings.
-
It happened to me today, too. The user was logged in as me.
I had another computer on my account sitting next to me and after I closed them out of one they logged into the other. Both times I exited Teamviewer immediately upon seeing the connection. I was able to log in online and change my password.
Had a user named Nero511 friend request me yesterday. I did not accept it. I've been looking through the log in Windows to see what happened and see if I can block the IP. Not that it's a great solution but I'm not sure what else to do.
-
Just curious how complex your passwords were prior to being "hacked"?
-
This board was created by a Teamviewer user to centralize support options for the Teamviewer community that uses both the free and paid version.
This board has been fortunate enough to have several Teamviewer members join and offer assistance when they can.
Thank you to them.
That said, they don't always have time to monitor these boards and offer help. Teamviewer does offer a ticket system for the private user:
You can navigate to this page and submit a ticket
http://www.teamviewer.com/en/help/createticket.aspx
choose "private" category then "next", then fill out the form and submit.
Keep in mind that support questions for the free version may take some time to be answered so please, post your issue in the appropriate board here, you may find one of the community members can answer the issue quickly and add the resolution if received from the support team.
An additional method for getting answers is to post to the Teamviewer official Facebook page, they often are able to answer more quickly:
https://www.facebook.com/teamviewer
In either case, if you submit and receive a response, please post it back here to the forum so that others may benefit.
Thanks for participating !
highly suggest posting to their facebook page
-
Exact same issue. Walked in and someone was logged in as me and stealing all my passwords that Chrome had saved.
-
When your accounts were hacked, do you believe it was through simply having the software installed, or do you believe it was because you had the Unattended Access enabled and configured and that is how they are getting in?
I am just curious if the possible vulnerability is with the software being installed itself, or with this feature that could simply not be enabled.
Thanks
:D
-
I suspect that 'computers and contacts' login details are being sniffed / guessed, and that computers with logon details in those lists are being harvested...
But I'm only guessing
-
This happened to me in the beginning of April. It was a multi-level security failure on my part.
I was woken up at 2AM by a call from a random number (that got through my DND because it called multiple times). Turns out it was the PayPal Fraud department, because someone had made 6 $100 purchases of gift cards on eBay with my PayPal account, and then bought some NCSoft coins as well.
I rushed to my computer, not knowing at the time that I had interrupted someone who was still connected to my computer watching me. I ended up kicking them off when I restarted my PC. At first I thought I had some kind of virus or was phished. It didn't dawn on me it was Teamviewer until I looked at my wife's PC and someone had eBay and PayPal up on that! Then I looked at my logs and saw multiple connections in the past two hours, AND all the history of eBay/PayPal/NCSoft was still in my Chrome browser.
From the Teamviewer logs I can see that they copy/pasted things several times (Including definitely all of my Chrome passwords using WebBrowserPassView, which was still on my desktop). So in addition to making purchases from my computer and from my PayPal account, they took all my passwords (400 or so.. I ran it myself to get the list to fix).
Was my Teamviewer password secure? I thought so. I may have used it on a few other sites. But I did not have two factor authentication turned on (I do now), I did not have passwords on my home PCs (it's only my wife and I, so I didn't see the need. But I do now), and I had all my passwords saved in Chrome (never again). I also had unattended access set up with no passwords required.. I still do actually.
I was also luckily able to get all the charges reversed.
The weird thing is ever since then I am getting at least two random contact requests on my Teamviewer account a week.. probably not good.
Whether my credentials used on Teamviewer were compromised somewhere else and tested, or my Teamviewer account itself was stolen somehow, I don't know. But that wasn't a good situation. I do see today that there are reports of 270 million account credentials from various places being passed around, I am really curious if Teamviewer is in there.
-
I don't know if this is related, but I think it is.
Since mid-April I've been receiving spam email from people I don't know with "New contact requests."
For example:
"Hello,
kikucqua2 would like to add you as a contact in his/her TeamViewer contacts list.
To accept kikucqua2 as a contact please click the following link. [removed]
Regards,
Your TeamViewer Team"
I have no idea who kikucqua2 is, or jacquelinevb, or trevc8, but they've all emailed me requests through Teamviewer.
I think TV has some security issues to address, STAT.
Oyjord.
-
Received contact request from "sarde44" because I thought I knew the person I accepted, a few days later everyone on my partners list was connected to by my account credentials. Have submitted a ticket to teamviewer and changed my details, this is a massive breach as teamviewer bypasses all other security.
The connected user tried to get stored passwords from browsers and was only connected for a minute.
The teamviewer ID they used to connect was 482675001 so be wary guys, contact requests generated from service@teamviewer.com are completely untrustworthy.
-
I see stuff like this, and I'm surprised that the user has evidently not whitelisted the machines he or she wants to be able to connect. That's like a second password. If your machine doesn't have an ID that I recognize, you ain't gettin' in. I have whitelisted a dozen machines, and even if they can figure out my password if they aren't one of those machines, they can't have access.
But is it possible to spoof an ID? (Assuming they know what my whitelist looks like?)
-
Happened to me yesterday (I don't mean the ID spoof / whitelist thing, but I was hacked). I noticed in my browser history some entries that are not from me, something with paypal itunes gifts. Luckily he was unsuccessful, I didn't lose any money. I just hope that's all he did ... I had the logs disabled, so I don't really know.
Actually, I think the attacker was still logged in: in the info panel at the bottom right, I saw my TeamViewer name, but in this case, it wasn't followed by a 9-digit ID in brackets like usual, but by "(1) (0)". Not sure what that means.
I uninstalled TeamViewer from all devices. I'll use RDP and VNC with router port forwarding for now.
Whitelisting doesn't make any sense to me, since I want to access my home network from new devices too. But the 'unattended access' option was enabled, my password wasn't very complex or long, and I didn't notice the two factor authentication option either, so I guess it was in part my own fault. When I started using and configuring TeamViewer, the main priority was not security but to make things work ... maybe I'll use TeamViewer again, but then I'll definitely be more careful.
-
I thought about whitelisting, but how would I whitelist access from my cell phone, tablet, etc remotely? You can't whitelist by MAC address right?
-
That's a very good point. Hadn't thought about that. You can only whitelist machines that have their own TV ID. I guess the only solution is make a very complex password. Also, be aware that if you store that password as text on a compromised machine, it will be available to others.
It would be interesting to know what besides the TV ID, TV actually *knows* about the system that is trying to log into it. Would it be a security risk to offer up a MAC address?
-
My TV account got compromised, somehow, and the attacker used it to connect to the computers on my list, which were my PC and my laptop. Luckily, I was around when it happened, so I caught him in the process. He was only able to open PayPal and Ebay in a browser, but as I don't have auto login or auto complete for those web sites, he got nothing. This happened yesterday, May 19.
Not sure how he got his hands on my TV account, as I was using a moderately strong password (larger than 8 characters, numbers and letters, lower and upper case), but I do remember getting a weird contact request, which I declined, about one month ago. I think the contact request was from 'kikucqua2' which was also mentioned by another user, in a post above.
-
Is it possible that the email address and password combination that you use for TeamViewer logon is used elsewhere?
-
Yea, it's possible I may have used it in a couple of places. It's a username/password combination I would have used for accounts that I thought were important, but not important enough to deserve a unique password. I don't know why I haven't thought TeamViewer should have its own unique password, but I changed that now + enabled two factor authentication.
-
This all happened the exact same way to me yesterday around 3:47am EST. I too have been getting random contact requests for the last couple of months (never did before). I didn't actually catch him until around 7:30am EST when I logged into TeamViewer to the home computer from work and saw him going to town on my computer. The hacker had gained access to my computer in stealth mode, accessed my Firefox browser, and proceeded to buy hundreds of dollars of Amazon and iTunes cards from eBay and 4000 Bitcoins from NCSoft using my PayPal account. He was buying cards that had redeem codes emailed to my email account right away. Luckily my wife was home and was able to close TeamViewer and shut down my computer.
I spent all day calling banks, PayPal, eBay attempting to cancel transactions, reporting fraud, and filing a police report. This has caused me to cancel all of my credit cards and get new ones issued leaving me in a bad situation. I also went through and changed passwords to websites, etc.
I'm so very sad to say that while I absolutely love this software and used it daily (esp. when I'm out of town on business for weeks at a time), too much damage has been done now to allow it to reside on any of my computers. I have completely uninstalled it and will never feel comfortable enough to use it again.
I just wanted to post this here so others using this software are properly informed. Take the necessary precautions to keep your data safe and never assume that this software is 100% secure. Don't have browsers remember your passwords and have your computer on the lock screen when left unattended. :-\
-
Let's not forget that there are TWO passwords that should be secure. Your personal password for unattended access (combined with your TV ID) will allow someone to get in to one computer. But your TV account password and e-mail address gets them into EVERYTHING. All your computers. I think it's that second password that is really the most critical, and should be designed with care and a lot of characters.
-
So with that, I guess my real question is did they really guess correctly my fairly sophisticated password or did they hack the software in some way to not only gain access but do so in almost complete stealth mode? It seems fishy that I suddenly have been getting contact requests. If someone accepts the contact add request, do they have the ability to see account passwords? It also must have been my TV account that they got access to as they successfully accessed all of my computers in my account.
-
You might have spyware on your machine. I've run into several PCs that had spyware cranking away. At the least you should run Anti-Malware.
-
In regard to these hacking episodes, Teamviewer's stance is that this is user error and/or complacency, which I tend to think it is.
Regardless, I think users need to tighten down their security:
https://www.teamviewer.com/en/company/press/statement-on-potential-teamviewer-hackers/?utm_source=Facebook&utm_medium=social&utm_content=statementonpotentialhackers&utm_campaign=Social&pid=social_Fb
Statement on Potential TeamViewer Hackers
Göppingen/Germany, May 23, 2016. A recent article warns, “TeamViewer users have had their bank accounts emptied by hackers gaining full-system access”. TeamViewer is appalled by any criminal activity; however, the source of the problem, according to our research, is careless use, not a potential security breach on TeamViewer’s side. Therefore TeamViewer underscores the following aspects:
1. Neither was TeamViewer hacked nor is there a security hole
2. TeamViewer is safe to use and has proper security measures in place
3. Our evidence points to careless use as the cause of the reported issue
4. A few easy steps will help prevent potential abuse
Ad 1.) As always when we receive alerts about potential security alerts, we look at the issue at hand. This is what we have done in this case: There is no evidence to suggest that TeamViewer has been hacked. Neither do we have any information that would suggest that there is a security hole in TeamViewer. Therefore it is important to stress there are no TeamViewer hackers, but rather data thieves that will steal information from other sources. It is critical to make sure attention is not diverted from the real issue.
Ad 2.) TeamViewer is safe to use, because TeamViewer has proper security measures in place including end-to-end encryption to prevent man-in-the-middle attacks, anti-brute-force means, and more. Additional information about TeamViewer’s security is available at: https://www.teamviewer.com/docs/en/TeamViewer-Security-Statement-en.pdf
Ad 3.) Unfortunately, users are still using the same password across multiple user accounts with various suppliers. While many suppliers have proper security means in place, others are vulnerable. The latter ones tend to be targeted by professional data thieves. As TeamViewer is a widely spread software, many online criminals attempt to log in with the data gained from compromised accounts (obtained via the aforementioned vulnerable sources), in order to discover whether there is a corresponding TeamViewer account with the same credentials.
Storing or caching of account credentials in your browser is yet another example of careless use. The security means to protect such sensitive data do not suffice to guarantee an acceptable level of security. Additionally, cybercriminals may use certain tools to identify and visualize sensitive data in the browser.
Ad 4.) TeamViewer encourages users to …
… create different passwords for each account
… not share your passwords.
… change passwords regularly.
… not use personally identifiable information for passwords.
… use two factor authentication: https://www.teamviewer.com/en/help/402-How-do-I-activate-deactivate-two-factor-authentication-for-my-TeamViewer-account.aspx
… use password safes.
More information about these recommendations is available at:
https://www.teamviewer.com/en/company/press/teamviewer-brings-about-rule-of-five-to-celebrate-world-password-day/
The TeamViewer support team is happy to answer any potential technical issues or queries at:
https://www.teamviewer.com/en/support/contact/submit-a-ticket/
TeamViewer recommends that users who have been the victim of criminal activities get in touch with their local police departments, in order to report their case. This is particularly important because TeamViewer is subject to very strict data protection and privacy regulations, and can release sensitive data only to authorized individuals and authorities.
About TeamViewer
Founded in 2005, TeamViewer is fully focused on the development and distribution of high-end solutions for online communication, collaboration and remote monitoring of IT systems. Available in over 30 languages and with more than 200 million users worldwide, TeamViewer is one of the world’s most popular providers of remote control and online meeting software. airbackup, a powerful cloud-based backup solution, and ITbrain, a valuable remote monitoring, anti-malware and IT asset tracking solution, complement TeamViewer’s product portfolio.
For more information, visit: www.teamviewer.com
Follow us on Twitter at @TeamViewer and on our blog at blog.teamviewer.com.
TeamViewer GmbH
Jahnstr. 30
73037 Göppingen
-
The same happened to me this weekend and I really don't know how it worked. This is what happened:
On 28th of March someone sent me a TV invitation which I ignored. (Do not check that mail account very often)
On the night of the 29th someone was able to login to my TV account, which had 3 computers in the list. My Home Server is online 24/7 so the guys were able to connect to it.
Unfortunately, my system was not locked so they opened Chrome. Chrome is connected to my Google Profile where I stored some passwords. (Bad Idea I know)
They tried to buy some iTunes and X-Box Premium codes on Amazon, but Amazon denied this and locked down my account.
After that, they tried to gain access to the email account, which is assigned to PayPal, without success. Then they logged on to PayPal and made 10 transactions of around 2000$.
PayPal told me on the phone that I will get back that money soon - it is also now confirmed by mail by PayPal.
Honestly, I don't have a clue how they found out my login credentials. On my server, there was only an instance of Emby and DVBLogic running together with TV. Other software installed: Chrome and TotalCommander. Avast as antivirus service.
Reinstalled all my systems and now using two factor authentication where it is possible, changed passwords on nearly all platforms. BTW, I had a strong alphanumerical and long PW.
-
This happened to me last night at about 7:00 PM MST. I was at my laptop. TeamViewer was launched and in the lower right corner of my taskbar, but I was not connected to anyone.
My Firefox browser was already open, but I was not actively doing anything on my laptop at the time.
I was on the phone, and my laptop was just sitting in front of me.
I suddenly noticed movement and a flash of activity and I saw TeamViewer connect.
Then someone started moving my mouse around, and went directly to Amazon, and then to PayPal. Then just about as abruptly as they connected to me, they disconnected. This all happened in a matter of less than a minute.
I cannot tell if they did anything else, or if this is the only time they tried to connect to me.
I usually have TeamViewer open and in the lower corner of my taskbar. I won't be leaving TeamViewer open anymore.
Anyway, my passwords were not highly secure, and I understand that that is my fault, but that does not explain why this is happening to so many people - people who have pretty secure passwords, so I am not so quick to just dismiss this as being my fault. There seems to be something else at play here.
I looked through the TV logs on my hard drive, but I am not really sure what I am looking for.
While looking through other things last night, I noticed that I did get a contact request from "jdkyle" and it was just sitting there. I hadn't even noticed it until all of this happened last night and I started looking through everything.
I use LastPass and I hope they were not able to steal any of my stored passwords. :-\
I went to change my TV password and the verification email that I got was in Chinese. That was when I knew there was a serious problem.
I am worried because there are people reporting this happening to them who say they had STRONG alphanumeric, LONG, passwords, so there is more to this than just dismissing it as me having a lax password.
I hope TeamViewer Support sees that there is a trend here.
I have never come to the forums, and almost didn't. So, I wonder how many people this is happening to who are not reporting it. This is the tip of the iceberg.
Thanks for any help.
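For anyone unsure what to look for in the connection logs, as the post above describes, here is one way to triage them. This is an added example, not part of the original thread and not TeamViewer's tooling; the tab-separated column layout, the timestamp format, the IDs and the `known_ids` allowlist are assumptions, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

TS_FORMAT = "%d-%m-%Y %H:%M:%S"  # ASSUMED timestamp format

# Constructed sample. ASSUMED columns (tab-separated): partner ID, partner
# name, session start, session end, local user, session type.
SAMPLE_LOG = "\n".join([
    "111111111\tHOME-LAPTOP\t28-05-2016 18:02:11\t28-05-2016 18:40:03\talice\tRemoteControl",
    "999999999\tDESKTOP-X\t29-05-2016 03:47:20\t29-05-2016 03:48:05\talice\tRemoteControl",
    "222222222\tWORK-PC\t30-05-2016 02:10:00\t30-05-2016 02:55:00\talice\tRemoteControl",
    "999999998\tPC\t30-05-2016 14:00:00\t30-05-2016 15:30:00\talice\tRemoteControl",
    "truncated line without enough fields",
])


def parse_sessions(log_text):
    """Return (sessions, unparsed_lines); malformed lines are kept for manual review."""
    sessions, unparsed = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        try:
            sessions.append({
                "partner_id": fields[0].strip(),
                "name": fields[1].strip(),
                "start": datetime.strptime(fields[2].strip(), TS_FORMAT),
                "end": datetime.strptime(fields[3].strip(), TS_FORMAT),
            })
        except (IndexError, ValueError):
            unparsed.append(line)
    return sessions, unparsed


def triage(log_text, known_ids, quiet_hours=(0, 6), short=timedelta(minutes=2)):
    """Flag incoming sessions worth a closer look.

    Signals, taken from the patterns reported in this thread:
      unknown-partner: partner ID is not one of your own devices
      quiet-hours:     session started while you were likely asleep
      short-session:   connected for only a minute or two
    A session is reported if the partner is unknown, or if two signals combine.
    """
    sessions, unparsed = parse_sessions(log_text)
    findings = []
    for s in sessions:
        reasons = []
        if s["partner_id"] not in known_ids:
            reasons.append("unknown-partner")
        if quiet_hours[0] <= s["start"].hour < quiet_hours[1]:
            reasons.append("quiet-hours")
        if s["end"] - s["start"] < short:
            reasons.append("short-session")
        if "unknown-partner" in reasons or len(reasons) >= 2:
            findings.append((s["partner_id"], s["start"].isoformat(sep=" "), reasons))
    return findings, unparsed


if __name__ == "__main__":
    my_devices = {"111111111", "222222222"}  # hypothetical IDs of your own machines
    flagged, skipped = triage(SAMPLE_LOG, my_devices)
    for partner_id, started, reasons in flagged:
        print(f"{started}  partner {partner_id}: {', '.join(reasons)}")
    print(f"{len(skipped)} line(s) could not be parsed and need manual review")
```

Sessions from a known device during quiet hours are not flagged on their own, so the owner working late does not generate noise; adjust `quiet_hours` to your own routine.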
-
Just copying this from another thread. Ultimately I blame myself for the manner in which I used it (PC on overnight and TV left running) but my password was NOT overly simple, so I still don't understand how my account was compromised and think it's worthy of being looked into.
-----------------------
Man I feel your pain. In fact I still do, it's turned this once confident PC user into a paranoid sissy.
5/29/16 @ 5am (computer left running, I'm asleep still) - I get a large purchase through ebay using the linked paypal. < ok maybe someone got my ebay password, changed that and paypal will reimburse
5/30/16 @ 5am (computer left running, I'm asleep still) - I get ANOTHER charge using the exact same method and means. < now I begin thinking to myself I have a trojan of some sort and begin scrubbing my pc, which honestly is futile in giving any sort of assurance it worked.
I also begin removing all saved passwords and information from chrome and transferring them to lastpass, which is a vault of sorts for your login info, that can be tied to a token authentication on your smartphone.
5/31/16 @ 6AM, (computer was on standby, woken up for early morning reading) I notice a teamviewer connection open with my mouse clearly being controlled by someone on the other end. To my horror I see them try to access my lastpass vault, as my phone is prompting the 2step authentication process. About that moment I panicked and yanked all computers from the internet and began the teamviewer uninstall process, and immediately changing ALL passwords I can think of.
After settling down and reviewing the teamviewer logs, I think I have their teamviewer ID which I will be forwarding to the authorities. Long story short, DO NOT store passwords in browsers, DO NOT leave teamviewer running unsupervised, DO use a complex password for teamviewer, and DO setup a 2step authentication process on your teamviewer account.
That guy better pray I never find him... >:( >:( >:( >:( >:( >:( >:( >:(
-
I read a post in this thread that TeamViewer administration dismisses these kinds of problems as "user error and complacency", however I think they are very, very foolish to not take a closer look at their own database or whatever because I do not think this has anything to do with "user error and complacency".
It is like with the Tylenol scare years ago .... you can only deny things for a certain period of time, then it is in the best interests of YOUR company to take a closer look to see how YOU might be responsible for the breach and then take swift action to resolve it. Otherwise, your company will never, ever recover from the bad publicity it causes.
I can tell you that after what happened to me the other night, I will NEVER recommend TeamViewer to my corporate clients. This is a sad day indeed. I have been using TeamViewer for many, many, many years. I am now going to uninstall it and look for another solution to my needs. I will contact the small businesses I have recommended TV to and suggest that they change to another product.
-
Just posted in another thread, but I'm in this situation as well.
My account has been compromised by someone from China and I'm now at a loss of over $3000 from paypal which they won't give back as they can't prove my paypal account was hacked as it was from my own computer.
Teamviewer really needs to recognize this now as there are more and more people getting done by this.
-
As stated above, I also got hacked and approx 3000 Euro are stolen from my PayPal account.
I called PayPal asap by phone and told them what happened. They also told me that all payments have been made from my computer and need to be investigated first. The woman on the phone directly told me that she is 100% sure that I get my money back. Within the next 24 hours I got many emails from PayPal confirming the refund.
Anyway, if PayPal would not refund I also have the 2nd option to reject all the payments at my bank.
-
Tranquil
My bank rejected the payment but PayPal said to me if they don't find anything to prove it was a hack then I owe them $3700
Let's hope with all these coming through they acknowledge the issue.
Do you have an account on the team viewer website that you can check if there were unauthorised logins around that time?
-
After being hacked, I've enabled multi-factor authentication and now I get the following error sporadically when trying to connect from any Windows machine: No connection to partner! Partner did not connect to router. Error Code: WaitforConnectFailed. Sometimes it connects, many times it doesn't.
When using any iOS device, I have to connect to all computers twice. The first attempt fails and the second attempt always works.
I'm on TV version 11.0.59518. Is TV ready for prime time yet?
-
Looks like this has happened to enough people for it to finally blow up on Reddit:
https://www.reddit.com/r/technology/comments/4m7ay6/teamviewer_has_been_hacked_they_are_denying
-
Hi,
Protecting your personal data is at the very core of everything we do. As you have probably heard, there have been unprecedented large scale data thefts on popular social media platforms and other web service providers. Unfortunately, credentials stolen in these external breaches have been used to access TeamViewer accounts, as well as other services. The cyber criminals behind these thefts have taken advantage of common use of the same account information across multiple services to cause damage.
To do our utmost to help you - our users - and to further strengthen the protection of your data against these hijacks of cyber criminals, we are globally rolling out improved security measures. It is important to underscore that TeamViewer account authentication uses the Secure Remote Password protocol, and therefore does not store any password-equivalent data.
Please find more information about the measures in our official statement under https://www.teamviewer.com/en/company/press/teamviewer-launches-trusted-devices-and-data-integrity/
We experienced an outage on Wednesday and because of this there still may be some connection issues in some regions. It may take some time until all regions are back to regular service. You will find more info on the outage here: http://www.teamviewer.com/en/company/press/statement-on-service-outage/
We apologize for any inconvenience caused. Thank you for your patience.
Best regards,
Fabian - TeamViewer
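The statement above rests on how the Secure Remote Password protocol handles credentials. As an added illustration (not TeamViewer's code and not part of the original post), this in-process SRP-6a exchange shows that the server record holds only a salt and a verifier, and that the protocol accepts anyone who presents the correct password, which is why a password reused on a breached site still needs two-factor authentication behind it. The toy group, hash layout and credentials are assumptions chosen for readability.

```python
import hashlib
import secrets

# ASSUMPTION: toy group for readability (Mersenne prime 2**127 - 1, g = 3).
# Real SRP deployments use large safe-prime groups such as those in RFC 5054.
N = 2**127 - 1
G = 3


def H(*parts):
    """SHA-256 over length-prefixed parts, returned as an integer."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes((p.bit_length() + 7) // 8 or 1, "big")
        elif isinstance(p, str):
            p = p.encode()
        h.update(len(p).to_bytes(4, "big") + p)
    return int.from_bytes(h.digest(), "big")


K_MULT = H(N, G)  # SRP-6a multiplier k


def private_x(salt, user, password):
    """Client-side secret derived from the password; never sent or stored."""
    return H(salt, H(user, password))


def register(user, password):
    """What the server keeps: salt and verifier v = g^x mod N, not the password."""
    salt = secrets.token_bytes(16)
    return {"user": user, "salt": salt, "v": pow(G, private_x(salt, user, password), N)}


def login(record, user, password):
    """Run one SRP-6a exchange; True if the server accepts the client's proof."""
    # Client -> server: A = g^a
    a = secrets.randbelow(N - 2) + 1
    A = pow(G, a, N)
    if A % N == 0:  # a server must reject A == 0 (mod N)
        return False
    # Server -> client: salt and B = k*v + g^b
    b = secrets.randbelow(N - 2) + 1
    B = (K_MULT * record["v"] + pow(G, b, N)) % N
    u = H(A, B)
    # Client computes the shared secret from the password.
    x = private_x(record["salt"], user, password)
    s_client = pow((B - K_MULT * pow(G, x, N)) % N, a + u * x, N)
    proof = H(A, B, s_client)
    # Server computes the same secret from the verifier alone.
    s_server = pow((A * pow(record["v"], u, N)) % N, b, N)
    expected = H(A, B, s_server)
    return secrets.compare_digest(proof.to_bytes(32, "big"), expected.to_bytes(32, "big"))


def demo():
    user, password = "user@example.com", "Summer2016!"  # constructed credentials
    record = register(user, password)
    # Constructed stand-in for a credential list leaked by an unrelated service.
    leaked_elsewhere = {"user@example.com": "Summer2016!"}
    return {
        "server_fields": sorted(record),
        "owner_accepted": login(record, user, password),
        "wrong_password_accepted": login(record, user, "Winter2016!"),
        "reused_password_accepted": login(record, user, leaked_elsewhere[user]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```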