Hacked TeamViewer users 'careless' in personal security
Summary: The company has denied all responsibility for a recent spate of reports that user PCs have been compromised.
Faced with angry users complaining of hacked accounts, TeamViewer has placed the blame on the "careless" use of credentials rather than internal issues.
Founded in 2005, TeamViewer provides software which can be used to remotely control PC systems and conducted meetings. The company caters for over 200 million users across the globe -- and some of which have recently taken to forums to complain of alleged hacking thanks to the firm's software.
On Reddit, users have flooded the forum with complaints over the alleged hack, complaining that their accounts were compromised and attackers have been able to infiltrate their PCs for the purpose of stealing financial data, accessing other accounts and making purchases ranging from designer clothes to Amazon gift cards.
One common thread in the story appears to be a file called "webbrowserpassview.exe," which trawls through systems to find stored passwords for use.In a series of tweets, TeamViewer said it was "experiencing issues in parts of its network," but within a few hours managed to boot the majority of the platform back to regular service.
In a statement, TeamViewer said the outage was caused by a denial-of-service attack (DoS) attack aimed at the company's infrastructure, but claims there is "no evidence" that the DoS attack was linked to any data breach or user account compromise.TeamViewer said, "the truth of the matter is TeamViewer experienced network issues because of the DoS-attack to DNS servers and fixed them, there is no security breach at TeamViewer, regardless of the incident, TeamViewer continuously works to ensure the highest possible level of data and user protection."
Instead, the company blamed recent account hack claims at the feet of "careless use of account credentials." As we've seen in the last year, countless credentials are now being traded and released online, and coupled with the fact many will use the same passwords across different services, one loose set can lead to the compromise of multiple accounts.
"In addition, users might unintentionally download and install malware programs," the company said. "Yet once a system is infected, perpetrators can virtually do anything with that particular system -- depending on how intricate the malware is, it can capture the entire system, seize or manipulate information, and so forth."
The timing of the account compromises and DoS attack is interesting, but in fairness to TeamViewer, it is entirely possible that the users affected may have had their details stolen and used through other means than breaching TeamViewer servers. Just by checking Troy Hunt's HaveIbeenpwned search engine you can see if credentials belonging to you are available freely online, and if so, you should immediately start changing your passwords.
Some users have suggested the recent MySpace and LinkedIn data dumps may be to blame, whereas others have denied their credentials were weak or used elsewhere.
The takeaway? Using the same credentials across multiple online services is risky, and while remembering different sets is a pain, it prevents attacks from accessing your complete digital profile should one set be stolen. It is not a full proof solution but will certainly help.
Comments
Post a Comment