
Many users are claiming TeamViewer has been hacked - zxcvcxz
https://www.reddit.com/r/technology/comments/4m7ay6/teamviewer_has_been_hacked_they_are_denying/
======
ryanlol
The stories in the reddit thread do not support this conclusion and seem to
largely originate from security illiterates hyping up a DDoS attack.

Lets take the first comment for example:

>Holy fucking shit. That's how I got hacked. 5/25/2016 and 5/28/2016, they
logged into one of my computers at 3:24AM both days and used my PayPal,
Microsoft account, eBay account, to buy tons of codes for different online
stores. I just checked my browser history on that computer and sure enough,
all those sites were visited. My bank took care of everything, so did PayPal
and Microsoft. It was fucking teamviewer. I enabled TFA for the time being and
turned off all computers connected to teamviewer.

This is ridiculous, if someone had in fact hacked teamviewer they wouldn't be
wasting their precious time by stealing a couple of bucks from this guys
paypal account. (Paypal accounts are essentially worthless, you can buy them
by the thousand on various forums)

A far more credible theory is that some bot is either grabbing teamviewer
credentials, and those are now being sold on fraud forums.

TeamViewer is used to manage literal fucktons of PoS infrastructure it being
compromised would be a far bigger deal than the Target breach.

~~~
devopsproject
I agree, this is most likely a case of someone using the same email and
password on multiple sites (like the 100 million account leak from LinkedIn)

~~~
ryanlol
Probably not, that type of compromise tends to be common in targeted attacks.
Not as much in generic fraud like this, as just the credentials wouldn't have
been enough to easily automatically identify this guy as a good target.

He probably had some bot on his computer that recorded him using paypal and
what not, and because paypal has some seriously impressive fraud detection
mechanisms the attacker opted to take over teamviewer (if teamviewer is at all
involved here, could be VNC provided by the malware for all we know) on his
computer.

Now, judging by the way these things generally work the guy running the bots
and the guy running remote desktop on his computer are hardly ever the same
person.

------
ddmf
A colleague noticed about 2 weeks ago that instead of 10 or so hosts in his
list on the teamviewer website had suddenly grown to 600+ hosts - I witnessed
this, and told him he should contact teamviewer. Shortly after this someone
tried to take control of his brother's machine.

We use teamviewer host and haven't seen anyone trying to log in, but I'd
rather not take the chance and have removed the software from all our
machines. If we need to remote assist someone, they can run the software
manually.

Having the ability to remote connect and repair problems is great, but when
there is the remotest (pun intended) chance that it can be used nefariously
then I'd rather limit the threat.

------
onetwotree
Streisand effect begins...

Edit: what I mean by this is that they're running absolutely shit PR on this
and it's basically convincing everyone that they're at fault, despite somewhat
limited evidence to that effect.

~~~
ryanlol
I don't think they're even running particularly bad PR, they've just confirmed
a DDoS attack and clarified that there's been no breach despite some
ridiculously bad "journalism".

People are misinterpreting them so badly you start to wonder if it's perhaps
intentional?

------
iamlolz
I haven't seen any concrete evidence yet, but it's slightly terrifying.

