Slashdot Mirror
TeamViewer Denies Being Hacked, Blames Users, Introduces New Security Measures (betanews.com)
Mark Wilson writes: In the last couple of weeks there have been a huge number of reports from TeamViewer users that their computers have been hijacked. In addition to this, users of the remote access tool have complained of funds being extracted from PayPal and bank accounts. But TeamViewer insists that there has not been a security breach, instead shifting the blame to users.
The company says [users] are in the habit of reusing the same passwords for a number of apps and services. It suggests that recent high profile security breaches -- such as the password dumps from MySpace and LinkedIn -- have allowed cyber criminals to learn TeamViewer log in credentials.
"We are appalled by the behaviour of cyber criminals, and are disgusted by their actions towards TeamViewer users," reads the company's statement. But they will now notify users whenever a new device logs in to a TeamViewer account, and in the future will also require a new password whenever suspicious account activity is detected.
The company says [users] are in the habit of reusing the same passwords for a number of apps and services. It suggests that recent high profile security breaches -- such as the password dumps from MySpace and LinkedIn -- have allowed cyber criminals to learn TeamViewer log in credentials.
"We are appalled by the behaviour of cyber criminals, and are disgusted by their actions towards TeamViewer users," reads the company's statement. But they will now notify users whenever a new device logs in to a TeamViewer account, and in the future will also require a new password whenever suspicious account activity is detected.
Back in February, I had Team Viewer running 24/7 on an Ubuntu Desktop. I had a "strong" password, using letters, numbers and symbols. I was at a customer site installing a new Asterisk phone system and suddenly I get notifications from Paypal that I'm buying large amounts of virtual currency with NCSoft. It took me all of 5 minutes to realize what was happening and change my Paypal password and in that time, several grand was spent. It took me a week to get it all fixed, which isn't that bad.
Team Viewer Support couldn't care less. I asked why they wouldn't even notify on an account that's never been accessed from outside the country and they had no answers. Now, what could I have done better? Setup Multi-Factor Authentication for Team Viewer and Paypal. So, some of the responsibility is mine. However, I find it very strange that someone could have hacked or guessed that account's password. I asked if they had a breach and they reported that there were no problems, of course. Notification and confirmation of suspicious activity should have been implemented by them a long time ago.
The fact that they allow users to download old versions of TeamViewer is 1/2 the problem. I entertained a call from someone who was likely Pakistani that asked me to install an old version of TeamViewer from their website. Though I got on Linux and tried to follow their instructions...they didn't know what Linux was. I succeeded in wasting 30 minutes of their time.