Reply to post: Genuinely Concerning

TeamViewer denies hack after PCs hijacked, PayPal accounts drained

Adam JC

Genuinely Concerning

After scanning /r/TeamViewer last night it became clear that this wasn't just a simple case of the LinkedIn breach credentials being reused (Although several posts DID admit to being affected by the LinkedIn breach AND reusing credentials).

The posts that terrified the living daylights out of me, were the ones where people used platforms like LastPass and KeePass/1Password to generate a unique, secure ID for their Teamviewer account.

Not only this, but they'd disabled the auto-generated password that TeamViewer comes configured with in it's 'vanilla' state AND 2FA was *ENABLED*.

This.. this suggests there is much more to this story than reusing credentials from a breach. We have a very locked down TeamViewer deployment that we use en-mass for all clients (Over 500 unattended installs) and use ID whitelisting to allow only 3 authorised/licensed TV clients from our office to be able to connect to anyone, yet still noticed several logins on a few machines. For now, we've revoked automatic unattended access and now requires an approval by the end-user (Servers are obviously RDP anyway). My only thought is either 1) DNS has been hijacked somewhere (Although I checked the NS IP's before/after/during the outage and didn't spot any records having been changed) or 2) Teamviewer account database has been compromised and they've retrieved the records (Or have recently). Our password is a 16-Char auto-generated lastpass and even has a unique e-mail address created solely for the purpose, so there's zero chance of this being leaked from another site! (Admittedly, it's not been changed for about a year or so but it's unique).

Interested to see how this pans out, as we spend a LOT of money with Teamviewer. I do sincerely hope it's not something serious and is just a co-incidence, however the number of posts on /r/teamviewer isn't exactly instilling faith in me right now...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon