@Nick_91 : I agree that we simply do not know at this point wether it is passwords that were the weakness, Im still curious if and how this is the case only for people with accounts, as otherwise the password should be stored locally.
You keep saying we do know it was through Teamviewer, but I don't see how people are still so sure, there are various reports stating simlar things, but some going back to earlier in the year which would indicate its a gradual attack suddenly getting larger over the last few days which many people are saying was the cause of the shutdown.
More likley anyone affected has another weakness on their system, either a RAT installed or a botnet infection, if a hacker has access and sees a Teamviewer process running it would be easier for them to use it then various command prompts. A log would then of course show a connection from Teamviewer but it doesn't confirm 100% that this was the original entry.
Don't get me wrong, I use Teamviewer and if they are somehow to blame I hope they and any other corporation with lax securuity and customers details are taken to task for it, but I'd say it's from from certain with no solid evidence from either side.
Cheers