If you’re a user of TeamViewer, the very popular “remote support, remote access, and online meeting software” for Windows, OS X, Linux, Chrome OS, iOS and Android, you might want to take a second to change all of your passwords. In fact, before you finish this article, before you learn why you should change your TeamViewer passwords, go change them right now to be really strong passwords and take down any copies you usually leave running that aren’t absolutely necessary … it’s that big a deal.
Okay? Done? Good. The reason for my urging you to take immediate action is that through as yet undetermined means, someone or ones have managed to acquire an unknown but apparently huge number of TeamViewer account credentials and as a consequence, a number of TeamViewer users claim to have suffered huge financial losses.
This all came to light over the last few days and the reports of TeamViewer accounts being used as an entry point to rack up charges on users’ PayPal, eBay, and Amazon accounts. There are also claims that TeamViewer users who had set up two factor authentication have also had their accounts compromised.
Over on Reddit there’s the Teamviewer Breach Masterthread which is filling up rapidly with reports, but the company behind TeamViewer claimed in a press release (oddly dated a week before the story emerged) that they haven’t been breached:
TeamViewer is appalled by any criminal activity; however, the source of the problem, according to our research, is careless use, not a potential security breach on TeamViewer’s side. Therefore TeamViewer underscores the following aspects:
- Neither was TeamViewer hacked nor is there a security hole
- TeamViewer is safe to use and has proper security measures in place
- Our evidence points to careless use as the cause of the reported issue
TeamViewer’s technical response to this breach has been to add a “Trusted Devices” feature that requires you to authenticate every device you access your TeamViewer account from, as well as mandatory password resets for TeamViewer accounts that have shown suspicious activity.
Has the TeamViewer breach or whatever it turns out to be affected you?
Comments? Thoughts? Send me some closely surveilled feedback via email or comment below then follow me on Twitter and Facebook. The NSA does, why shouldn’t you?