TeamViewer Denies Being Hacked, Users Not So Sure
Remote-desktop service TeamViewer may be tied to a series of computer hijackings, but the company says there's been no security breach.
UPDATED with comment from TeamViewer.
Something not right happened today (June 1) with TeamViewer, the remote-desktop application installed on tens of millions of computers and smartphones worldwide.
As the service went offline for several hours, users flocked to Reddit to say their TeamViewer installations had recently been hacked, with several saying their online bank accounts had been cleaned out.
TeamViewer itself says there is no hack or data breach, and any account hijackings stem from reuse of passwords compromised in the recently disclosed LinkedIn, Tumblr and MySpace breaches. We've reached out to the company for comment and will update this story when it responds.
MORE: What to Do After a Data Breach
"I believe I got hacked Saturday morning through TeamViewer," wrote Reddit user Morblius. "They accessed my PayPal and transferred $3,000 from my PayPal account to theirs."
"I think they got past 2fa," wrote bobsagetfullhouse, referring to two-factor authentication. "I see a connection to my PC around 2:30 a.m. last night. Good thing I have a strong windows password."
Sign up to get the BEST of Tom's Guide direct to your inbox.
Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!
"I went to look at my active login sessions and there was a session 2 days ago from China," wrote smjiko. "My computer has been away in repairs for the last 5 days but TeamViewer has been running while they were attempting to repair the PC."
None of the Reddit accounts could be independently verified.
TeamViewer itself tweeted that "we are currently experiencing issues in parts of our network," while the separate TeamViewer Support account stated that "we have no security breach."
In a blog posting dated May 23, the German company said that any reports of account hijackings stem from "careless use, not a potential security breach on TeamViewer's side."
"TeamViewer is safe to use, because TeamViewer has proper security measures in place including end-to-end encryption to prevent man-in-the-middle attacks, anti-brute-force means, and more," the blog posting added. "Unfortunately, users are still using the same password across multiple user accounts with various suppliers."
TeamViewer is used by consumers and enterprises to remotely access computers and mobile devices. It runs on Windows, OS X, Linux, Chrome OS, Android, iOS, Windows Phone and BlackBerry.
Consumers, for whom it is free, use the software to access their home computers from work, and vice versa. Enterprise customers, who must pay for a license, use TeamViewer to monitor and troubleshoot PCs deployed across the workplace.
Even tech-support scammers use TeamViewer, persuading victims to let them install the remote-desktop client to "fix" the machines (but really show them ordinary processes that the scammers say demonstrate malware infection).
The software relies on the TeamViewer company's servers to make the initial connection between two machines, and the company says the TeamViewer software has been installed on more than 1 billion devices worldwide, with more than 20 million active at any given time.
UPDATE: Following our inquiry, a TeamViewer representative provided a press statement that read in part: "TeamViewer experienced a service outage on Wednesday, June 1, 2016. The outage was caused by a denial-of-service attack (DoS) aimed at the TeamViewer DNS-Server infrastructure. TeamViewer immediately responded to fix the issue to bring all services back up.
"Some online media outlets falsely linked the incident with past claims by users that their accounts have been hacked and theories about would-be security breaches at TeamViewer. We have no evidence that these issues are related."
The statement also obliquely warned user to avoid downloading TeamViewer software from free-software repositories, which often bundle installers with unwanted programs.
"Users should avoid all affiliate or adware bundles: While users may think they are just downloading a harmless program, the software could in fact install something else," the statement said. "Users ought to download TeamViewer only through the official TeamViewer channels such as the TeamViewer website https://www.teamviewer.com."
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.