Finally TeamViewer confirms it has been hacked, says number of users hacked is ‘significant’
Last month, several TeamViewer users reported that their accounts had been accessed by online hackers. The company had reportedly suffered a data breach leading to the compromise of user accounts and PCs. Over the weekend, TeamViewer officials continued to deny that the company had been hacked, stating that the compromises happened because of users.
TeamViewer is the most popular remote desktop platform, used to control desktops remotely, share them, or hold an online conference through presentation mode. In many cases, the criminals drained affected users’ PayPal and bank accounts to make purchases ranging from designer clothes to gift cards.
Simultaneously, TeamViewer’s network was disrupted by a denial-of-service (DoS) attack, but the company insisted the incidents were not related.
TeamViewer spokesperson Axel Schmidt confirmed to the technology website Ars Technica that a “significant” number of accounts have been breached, but said that no fixed figure can be given at this time.
However, TeamViewer still stood by its earlier statement, which blamed “unprecedented large scale data thefts on popular social media platforms and other web service providers” for the series of attacks.
Hundreds of millions of hacked account details from MySpace, Tumblr, LinkedIn and other companies have been offered for sale online during the past two weeks.
TeamViewer said it was likely that passwords stolen in those “mega-breaches,” and also used for TeamViewer accounts, were helping cyber-thieves gain access to users’ computers.
“They have taken advantage of common use of the same account information across multiple services to cause damage,” it said.
The spokesman denied claims the hacks were taking place because attackers had managed to penetrate its network and steal login names and passwords.
In an interview with Ars, Schmidt said, “We’re not doubting TeamViewer accounts have been abused. It’s just this is not because of a TeamViewer weakness [...] We have reason to believe that’s because of the reuse of passwords. Obviously, what we’re not doubting is that yes, people have been ripped off by online criminals and their bank accounts may have been emptied, but again that’s not a TeamViewer vulnerability.”
When asked if hackers managed to bypass TeamViewer’s two-factor authentication, he said there is no ‘conclusive evidence’ that two-factor authentication has been compromised. Also, without user log files, which TeamViewer users are not submitting, there is no way to verify these claims and find out the real cause of the attack.
While still maintaining TeamViewer is not at fault, the spokesman did say sorry to users for the firm’s response to the original reports.
TeamViewer wants to “sincerely apologize” to users who were offended by the company’s choice of words, and Schmidt says that they “never meant to offend anyone.”
“So you want to be extra careful, and that’s what we meant to bring across. We’re deeply sorry if we offended anyone by our choice of words.
“It’s really important to understand that TeamViewer is a tool that needs to be used sensibly and extremely smartly,” he concluded.