My Teamviewer Account was Hacked!!

[lisaslade]

Hi There,
Just to let you know my Teamviewer got hacked last night. Someone in China access my computer remotely.
Then they access my paypal account and use it to access $600 from credit card, then they tried to get $3000 from my credit card, luckily I only have a low limit on credit card so payment was denied. 

So any suggestions how to stop this from happening again?

At the moment my teamviewer is uninstall until I can make more secure!!

[Admin]

how do you know it was through teamviewer?

[lisaslade]

I check the activity of my teamviewer, and someone from China had logged onto my computer.

[matt]

I check the activity of my teamviewer, and someone from China had logged onto my computer.

How EXACTLY did you do that...

[asbjorn]

Same here!

I was sitting near my computer and then suddenlig someone was logged inn trough TeamView in my name. I checked the log-file and found this IP in the log:
"2016/03/26 11:52:52.144  2708  3108 S0   UDP: punch received a=180.142.10.7:6543"

"inetnum:        180.136.0.0 - 180.143.255.255
netname:        CHINANET-GX
descr:          CHINANET GUANGXI PROVINCE NETWORK
descr:          China Telecom"

So someone has somehow got access to my account. I have changed the password now on TeamViewer.com, but I would like to have a better security solution. I think the security around TeamViewer is not good enough when this is possible.

[Admin]

Same here!

I was sitting near my computer and then suddenlig someone was logged inn trough TeamView in my name. I checked the log-file and found this IP in the log:
"2016/03/26 11:52:52.144  2708  3108 S0   UDP: punch received a=180.142.10.7:6543"

"inetnum:        180.136.0.0 - 180.143.255.255
netname:        CHINANET-GX
descr:          CHINANET GUANGXI PROVINCE NETWORK
descr:          China Telecom"

So someone has somehow got access to my account. I have changed the password now on TeamViewer.com, but I would like to have a better security solution. I think the security around TeamViewer is not good enough when this is possible.

Please post this to the teamviewer Facebook page and open a support ticket

[Visseroth]

And when you get back into your account enable "Two Factor Authentication".
I had something similar happen to me last year. Someone logged into my teamviewer account and was connecting to remote machines on my list. Since enabling two factor authentication I've had no reports of it happening.
You can enable two factor authentication from the teamviewer website. Login, edit your profile and you'll see it right there. I use the google tolken generator and keep the generator on my phone.
WARNING: You will be given a link to disable the two factor authentication in case your phone is lost, stolen, ect, you need to save this link. I personally put it in a txt file with the rest of my software keys in case I need to use it, and I have used it once. You do not want to loose this link that you are given when it is activated.

[crr]

hi

im in the same boat now.

my account was hacked into by someone from china and a large amount of money paid out of paypal.

paypal will not approve the dispute because they cant find any information leading to it being hacked.

i have sent an email to teamviewer support with logfiles and hopefully they come back with some positive news that i can send to paypal to show them it wasnt me

[Kadeschs]

I was hacked as well.  Using multi-factor authentication now.

[AZEXPLORER]

Kadeschs - you might want to consider reformatting your hard drive. For all you know, when they were visiting you, they installed a key logger, so you may have only felt the beginning of the pain they are about to cause you.

I uninstalled TeamViewer, and reformatted my hard drive, and changed every password I have -- and I am still uncomfortable. I have no idea how much of my personal data they got away with.

I have no idea how long they were free to leisurely browse around my laptop, undetected, before I discovered them.  It could have been hours.

This is all just the tip of the iceberg as far as I am concerned.

While TeamViewer personnel chase their tails trying to clear the diversionary smokescreen that the hackers threw at them (DOS against their DNS) and NOT address the REAL issue which is that there is some sort of SERIOUS security breach, all of their customers are being ripped off and the best TeamViewer can do is deny everything.

What a sad day this is.

[TeamViewer]

Hello all,

Protecting your personal data is at the very core of everything we do. As you may already know, there have been unprecedented large scale data thefts on popular social media platforms and other web service providers.
Unfortunately, credentials stolen in these external breaches have been used to access TeamViewer accounts. We are appalled by the behavior of these cyber criminals.

It is important to underscore that TeamViewer account authentication uses the Secure Remote Password protocol, and therefore does not store any password-equivalent data. Please find more information on this matter in our official statement: https://www.teamviewer.com/en/company/press/teamviewer-launches-trusted-devices-and-data-integrity/

If you need further assistance setting up Two-Factor-Authentication please see our FAQ (https://www.teamviewer.com/en/help/402-How-do-I-activate-deactivate-two-factor-authentication-for-my-TeamViewer-account) as well as for limiting inbound access (https://www.teamviewer.com/en/help/422-How-can-I-restrict-access-for-TeamViewer-connections-to-my-computer) to your PC.

Best regards,
Fabian – TeamViewer

[HYO1]

Many of these people are yelling at Teamviewer and blaming them but most of them have just joined the mass hysteria. Engaging the brain helps people take responsibility for their own actions in this situation, thus learning something in the process.

Does anyone know how someone from China cracks a password like this used on your Teamviewer account?
6vlJjMFYMbw4qG83mdNh

The answer is that they dont have to. They dont need any systems at Teamviewer other than logging into your account at the end of the process.

They obtain user information from any of the hacks in the past few years, Sony was very seriously hacked for example. Then many companies were hacked to prove a point, protect your customers data better. Nothing really changed. That information is bought and sold on a daily basis.

The hackers visit your email service and log-in. Perhaps using a webmail service if you're using Pop3 or Imap email. Your secret question is available too, this was used in the celebrity scandal to access naked pictures of celebrities. Apple only had one method of authentication in place and celebrities aren't very clever.

Some services have a way to recover your account using the "I dont have access to my email address" prompt others will let you supply information. Some services like Hotmail have flaws in their warnings to customers.


I'm getting off-track, anyway. They gain access to the email account. The settings are changed to redirect your email (Most services like Gmail can do this yet it wouldn't be readily obvious) directing all valid email traffic to another Pop3/Imap/Exchange server in China or somewhere inbetween. You stop getting your emails. People have reported that their emails were all forwarded to a dummy account and then the settings were changed, prior to their money being stolen and spent.

The hackers then go to all of the websites and see if you have accounts through the password reset prompts. They get all of those emails and simply reset your passwords, you're not being notified about any of it.

Unless you've strictly configured Teamviewer locally, if you're using the easy-connect system Teamviewer provides, they have everything they need to access your computer.

My advice is to be careful. If you're affected by this, first make sure you're not infected by anything installed via Teamviewer. Then change all of your passwords and check your email settings are correct.

[HYO1]

Sorry but additionally,

When people try to claim their Teamviewer account back through the compromised email address, The Teamviewer account is reset, but, the reset email is delivered in Chinese language. Teamviewer is sending out emails to those with compromised accounts, that's not going to fix all of this.

I've seen the IP addresses posted and nobody is really surprised, they're pretty much the same as the people that call you trying to have you install remote administration software on your computer. I guess they realised they could do better and skip the calls.