I got hacked too. I can guarantee it's a TEAM VIEWER breach. I run a computer and cell phone repair business. I use TeamViewer a lot. My computers have the latest antivirus running and we scan our machines weekly. TeamViewer shut down all their services for several hours to disconnect all hijackers. I uninstalled TeamViewer and will be looking for an alternative. If they had at least told the truth, I would have kept the software. I am encouraging everyone to stay away from TV.
I got hacked too and it's definitely from the Teamviewer security breach, as I used a different password than my LinkedIn account. During the day, while I was using TV, I noticed a sudden change of screen resolution on the remote session, followed by an inability to log in to TV. Shortly after that, I got a call from PayPal, who identified a bunch of suspicious charges on my account costing >$2500. Also, two transactions with a total of $1500 in gift cards were being posted on my Amazon account. TV's denial of their security breach has made me lose faith in that company completely. Who can trust a company that is not telling the truth? If they could be upfront and admit what truly happened, I might still give them a second chance, but not anymore now...
Add my voice to the growing group of people talking about this.
About 3 months ago, the same thing happened to me.
Someone logged in to my computer via TeamViewer... jumped into Chrome, grabbed my passwords, bought gift cards via PayPal, etc.
It wasn't a weak password... it wasn't "lax security"...
Teamviewer denied responsibility then... suggested that it might be because I use the same login info elsewhere (I don't) and would not give me additional info.
They suggested two factor auth... and using the whitelist.
They also said the following:
"Due to data security laws in Germany, we can give out IP addresses only directly to the police, after receiving an official request.
If you want to report this to the police, please find enclosed a request form for REQUESTING MUTUAL LEGAL ASSISTANCE IN CRIMINAL MATTERS FROM" which should be given to the Police department you will contact.
They should also be provided with all logs involving TeamViewer from your PC.
Please ask the Police to send the request to Federal Office of Justice in Germany."
Ok, so is the assumption that Teamviewer passwords are stored on Teamviewer's servers and not encrypted somewhere locally, like in the registry? And that they got hacked and all passwords leaked?
If not, how exactly were end users affected? I ask this as someone that uses TV but does not have an account with them, so I am generally interested.
2FA is well worth it though, if TV have that as an option.
I have been reading all the articles regarding this and still cannot see why people are so sure it's TV that was the way in rather than some other form of infection or attachment to a botnet, which, for everyone saying they're not, they likely as not would not know unless they were looking for it.
Regardless of whether I think it was them or not, I am intrigued as to why people are so sure when there are so many other ways hackers can attack systems these days. Yes, Flash, I'm looking at you!
I got hacked on May 27th. I was at home, and I discovered after reading these articles that it was through TV on my office computer that they gained access to my PayPal account. $8k USD was spent in under 2 hours.
It was 5:30am and I didn't realize it at the time, so I was bewildered when I couldn't stop the transactions from going through even though I had changed my PayPal password several times. Finally, when the customer support at PayPal opened at 6:00am my time, were they able to lock my account down and prevent the outflow of money.
@Nick_91: I agree that we simply do not know at this point whether it is passwords that were the weakness. I'm still curious if and how this is the case only for people with accounts, as otherwise the password should be stored locally.
You keep saying we do know it was through Teamviewer, but I don't see how people are still so sure. There are various reports stating similar things, but some going back to earlier in the year, which would indicate it's a gradual attack suddenly getting larger over the last few days, which many people are saying was the cause of the shutdown.
More likely anyone affected has another weakness on their system, either a RAT installed or a botnet infection. If a hacker has access and sees a Teamviewer process running, it would be easier for them to use it than various command prompts. A log would then of course show a connection from Teamviewer, but it doesn't confirm 100% that this was the original entry.
Don't get me wrong, I use Teamviewer and if they are somehow to blame I hope they and any other corporation with lax security and customers' details are taken to task for it, but I'd say it's far from certain with no solid evidence from either side.
I can guarantee that TeamViewer got hacked, because I had 5 machines on my account. All machines were accessed through TeamViewer and they tried to log in to PayPal and Amazon accounts on all computers. I have 3am browser history. They were able to access my business computer and withdraw money, and I am still waiting on PayPal to refund me over $600 in charges.
It's still not a guarantee that it is Teamviewer though. If you had 5 machines on your account, Rocky_6, then surely they only needed access to one and then the others would have been saved and able to access just as easily from that single machine?
The same way I assume people are saving their Paypal details which is why they are targeting Paypal accounts as their first call.
At the moment, until something is confirmed, it is only 100% clear that Teamviewer is being used for desktop access, but is not necessarily the entry point.
Out of interest, has anyone that has been compromised only used Teamviewer on one system without a Teamviewer account? My system at home runs Teamviewer but I have no account, just a password set. I'm still curious, if there is a vuln, where it is, i.e. Teamviewer have been hacked and account passwords leaked, or someone has found a way to bypass the brute force protection.
For those that were hacked, were passwords for systems hacked stored in TV's user account database?
(I'd certainly recommend removing such details for the time being, just in case)
For those that were hacked, I'm assuming the TV service was already running, allowing for remote access? (Cautious folks might want to avoid this, and disable/remove this service until this vulnerability is ironed out...; the quick support option works fine, and it does not install a service to the system)
I see someone above asked if anyone was hacked who did NOT have a TV account database with passwords... good question!
This makes for interesting reading, but, of course, I am truly sorry for those folks that became victims to the thieves...; this will harm TV's reputation for quite a while, perhaps worse than AMMYY being hurt by being the choice of Indian scammers...