TeamViewer also experienced a service outage on Wednesday and some users assumed it might be somehow related to the attacks.
On the other hand, some have confirmed that their passwords were exposed in the recent Myspace and LinkedIn leaks. However, a handful of users have reported getting hacked via TeamViewer even with 2FA enabled. TeamViewer has advised users to set strong, unique passwords and enable two-factor authentication (2FA) on their accounts. “As TeamViewer is a widely spread software, many online criminals attempt to log in with the data gained from compromised accounts (obtained via the aforementioned vulnerable sources), in order to discover whether there is a corresponding TeamViewer account with the same credentials.” The latter ones tend to be targeted by professional data thieves,” the company added. While many suppliers have proper security means in place, others are vulnerable. “Unfortunately, users are still using the same password across multiple user accounts with various suppliers.
“TeamViewer is safe to use, because TeamViewer has proper security measures in place including end-to-end encryption to prevent man-in-the-middle attacks, anti-brute-force means, and more,” TeamViewer said in a statement. TeamViewer is pointing to password reuse, which is entirely possible given the recent big breaches Reddit reported last week that it had reset the passwords of 100,000 users over a two-week period after detecting unauthorized access. Hackers recently leaked hundreds of millions of credentials stolen a few years ago from LinkedIn and Myspace, which has led to a surge in account takeover attempts.
Password reuse could be the cause of these attacks. However, the vendor has ruled out both these scenarios, saying that the attackers are most likely leveraging leaked passwords and counting on the fact that many people use the same password across multiple websites. Many assumed that TeamViewer was either hacked or someone identified a serious vulnerability in the application. The attackers are accessing victims’ accounts through their web browser, which is often configured to remember credentials for commonly used online services. Users reported on Reddit that their computers were remotely accessed through TeamViewer by unauthorized parties who attempted to steal money from their PayPal accounts and purchase various items on eBay and other websites. Many users have complained that their computers were accessed by hackers via the popular remote access and support tool TeamViewer, but the company says its systems have not been breached.
0 kommentar(er)
