TeamViewer denies being hacked, blames users, and introduces new security measures
In the last couple of weeks there have been a huge number of reports from TeamViewer users that their computers have been hijacked. In addition to this, users of the remote access tool have complained of funds being extracted from PayPal and bank accounts. But TeamViewer insists that there has not been a security breach, instead shifting the blame to users.
The company says they are in the habit of reusing the same passwords for a number of apps and services. It suggests that recent high profile security breaches -- such as the password dumps from MySpace and LinkedIn -- have allowed cyber criminals to learn TeamViewer log in credentials. Despite laying the blame firmly at the feet of users, the company is introducing two new measures to help increase security.
In spite of the fact that users have been complaining for the best part of a month about account hijacking, TeamViewer has only just responded to the situation. In a statement, it says: "As you have probably heard, there have been unprecedented large scale data thefts on popular social media platforms and other web service providers. Unfortunately, credentials stolen in these external breaches have been used to access TeamViewer accounts, as well as other services. We are appalled by the behaviour of cyber criminals, and are disgusted by their actions towards TeamViewer users. They have taken advantage of common use of the same account information across multiple services to cause damage."
The statement is very carefully worded so as to avoid accepting any responsibility for what has happened. But while TeamViewer says that password reuse is the root cause of the problem, affected users on Reddit and Twitter say they have suffered account hijacking even with two-factor authentication enabled.
TeamViewer may be passing the buck, but it is taking steps to try to improve security. Two new measures will give users the ability to control which computers have access to their account, and will also look out for signs of suspicious activity. The Trusted Devices feature sends out a notification whenever a new device attempts to sign in, and blocks the connection until the user confirms that the device is theirs.
The second change is an attempt to directly combat what TeamViewer says is the cause of the recent spate of account hijacks -- password reuse. The company explains:
The second measure is designed to improve your security against individuals, such as cyber criminals, who steal account credentials and cause damage by taking advantage of the common use of the same account information across multiple services.
The system determines continuously if your TeamViewer account shows unusual behavior (e.g. access from a new location) that might suggest it has been compromised. To safeguard your data integrity, your TeamViewer account will be marked for an enforced password reset.
In this case, you will receive an email from us with instructions to reset your password.
Although TeamViewer users will welcome the new security features, many have been left disappointed by how the company has reacted to the widely-reported problem. The radio silence went on for far too long for many people and TeamViewer will also certainly be considering how it should best deal with similar situations in the future.