Teamviewer Hacked?

[spyoptix]

I think my Teamviewer account was compromised. I was sitting at my PC and all of a sudden the active connection window pops up. I tried to change my password but the email I received came back in chinese. Should I fill out the password reset or what? I will discontinue my use of teamviewer, but I'd like to know if my account was compromised.

This is a little unsettling.

[matt]

third or forth reported case I seen here in recent weeks....

Yes change your password immediately.
Review your connection settings

[lakeeffect]

It happened to me today, too. The user was logged in as me.

I had another computer on my account sitting next to me and after I closed them out of one they logged into the other. Both times I exited Teamviewer immediately upon seeing the connection. I was able to log in online and change my password.

Had a user named Nero511 friend request me yesterday. I did not accept it. I've looking through the log in Windows to see what happened and see if I can block the IP. Not that it's a great solution but I'm not sure what else to do.

[Admin]

just curious how complex your passwords were prior to being "hacked"

[Admin]

This board was created by a Teamviewer user to centralize support options for the Teamviewer community that uses both the the free and paid version.
This board has been fortunate enough to have several Teamviewer members join and offer assistance when they can.
Thank you to them.

That said they don't always have time to monitor these boards and offer help, Teamviewer does offer a ticket system for the private user:
You can navigate to this page and submit a ticket
http://www.teamviewer.com/en/help/createticket.aspx
choose "private" category then "next", then fill out the form and submit.

Keep in mind that support questions for the free version may take some time to be answered so please, post your issue in the appropriate board here, you may find one of the community members can answer the issue quickly and add the resolution if received from the support team.

An additional method for getting answers is to post to the Teamviewer official Facebook page, they often are able to answer more quickly:
https://www.facebook.com/teamviewer

If either case, if you submit and receive and response, please post it back here to the forum so that other may benefit.

Thanks for participating !


highly suggest posting to their facebook page

[0plus6]

Exact same issue. Walked in and someone was logged in as me and stealing all my passwords that Chrome had saved.

[dsm300]

When your accounts were hacked, do you believe it was through simply having the software installed, or do you believe it was because you had the Unattended Access enabled and configured and that is how they are getting in?

I am just curious if the possible vulnerability is with the software being installed itself, or with this feature that could simply not be enabled.

Thanks

 

[matt]

I suspect that 'computers and contacts' login details are being sniffed / guessed, and that computers with logon details in those lists are being harvested...

But I'm only guessing

[jglonek]

This happened to me in the beginning of April. It was a multi-level security failure on my part.

I was woken up at 2AM by a call from a random number (that got through my DND because it called multiple times). Turns out it was the PayPal Fraud department, because someone had made 6 $100 purchases of gift cards on eBay with my PayPal account, and then bought some NCSoft coins as well.

I rushed to my computer, not knowing at the time that I had interrupted someone who was still connected to my computer watching me. I ended up kicking them off when I restarted my PC. At first I thought I had some kind of virus or was phished. It didn't dawn on me it was Teamviewer until I looked at my wife's PC and someone had eBay and PayPal up on that! Then I looked at my logs and saw multiple connections in the past two hours, AND all the history of eBay/PayPal/NCSoft was still in my Chrome browser.

From the Teamviewer logs I can see that they copy/pasted things several times (Including definitely all of my Chrome passwords using WebBrowserPassView, which was still on my desktop). So in addition to making purchases from my computer and from my PayPal account, they took all my passwords (400 or so.. I ran it myself to get the list to fix).

Was my Teamviewer password secure? I thought so. I may have used it on a few other sites. But I did not have two factor authentication turned on (I do now), I did not have passwords on my home PCs (it's only my wife and I, so I didn't see the need. But I do now), and I had all my passwords saved in Chrome (never again). I also had unattended access set up with no passwords required.. I still do actually.

I was also luckily able to get all the charges reversed.

The weird thing is ever since then I am getting at least two random contact requests on my Teamviewer account a week.. probably not good.

Whether my credentials used on Teamviewer were compromised somewhere else and tested, or my Teamviewer account itself was stolen somehow, I don't know. But that wasn't a good situation. I do see today that there are reports of 270 million account credentials from various places being passed around, I am really curious if Teamviewer is in there.

[oyjord]

I don't know if this is related, but I think it is.

Since mid-April I've been receiving spam email from people I don't know with "New contact requests."

For example:



"Hello,

kikucqua2 would like to add you as a contact in his/her TeamViewer contacts list.

To accept kikucqua2 as a contact please click the following link. [removed]

Regards,

Your TeamViewer Team"



I have no idea who kikucqua2 is, or jacquelinevb, or trevc8, but they've all emailed me requests through Teamviewer.

I think TV has some security issues to address, STAT.

Oyjord.

[grkstyla]

Received contact request from "sarde44" because I thought i knew the person i accepted, a few days later everyone on my partners list was connected to by my account credentials. Have submitted a ticket to teamviewer and changed my details, this is a massive breach as teamviewer bypasses all other security.

The connected user tried to get stored passwords from browsers and were only connected for a minute.

The teamviewer ID they used to connect was 482675001 so be weary guys, contact request generated from service@teamviewer.com are completely untrustworthy.

[Danl]

I see stuff like this, and I'm surprised that the user has evidently not whitelisted the machines he or she wants to be able to connect. That's like a second password. If your machine doesn't have an ID that I recognize, you ain't gettin' in. I have whitelisted a dozen machines, and even if they can figure out my password if they aren't one of those machines, they can't have access.

But is it possible to spoof an ID? (Assuming they know what my whitelist looks like?)

[AndiJN]

Happened to me yesterday (I don't mean the ID spoof / whitelist thing, but I was hacked). I noticed in my browser history some entries that are not from me, something with paypal itunes gifts. Luckily he was unsuccessful, I didn't lose any money. I just hope that's all he did ... I had the logs disabled, so I don't really know.

Actually, I think the attacker was still logged in: in the info panel at the bottom right, I saw my TeamViewer name, but in this case, it wasn't followed by a 9-digit ID in brackets like usual, but by "(1) (0)". Not sure what that means.

I uninstalled TeamViewer from all devices. I'll use RDP and VNC with router port forwarding for now.

Whitelisting doesn't make any sense to me, since I want to access my home network from new devices too. But the 'unattended access' option was enabled, my password wasn't very complex or long, and I didn't notice the two factor authentication option either, so I guess it was in part my own fault. When I started using and configuring TeamViewer, the main priority was not security but to make things work ... maybe I'll use TeamViewer again, but then I'll definitely be more careful.

[jglonek]

I see stuff like this, and I'm surprised that the user has evidently not whitelisted the machines he or she wants to be able to connect. That's like a second password. If your machine doesn't have an ID that I recognize, you ain't gettin' in. I have whitelisted a dozen machines, and even if they can figure out my password if they aren't one of those machines, they can't have access.

But is it possible to spoof an ID? (Assuming they know what my whitelist looks like?)

I thought about whitelisting, but how would I whitelist access from my cell phone, tablet, etc remotely? You can't whitelist by MAC address right?

[Danl]

I thought about whitelisting, but how would I whitelist access from my cell phone, tablet, etc remotely? You can't whitelist by MAC address right?

That's a very good point. Hadn't thought about that. You can only whitelist machines that have their own TV ID. I guess the only solution is make a very complex password. Also, be aware that if you store that password as text on a compromised machine, it will be available to others.

It would be interesting to know what besides the TV ID, TV actually *knows* about the system that is trying to log into it. Would it be a security risk to offer up a MAC address?