Mass abuse of the popular remote control tool has been reported in last 24 hours
Increasing reports have emerged across the Internet of individuals whose computers have been accessed without their knowledge or consent using the popular remote control application Teamviewer. Hackers who gain access to PCs are reportedly obtaining information allowing them the access bank accounts, make unauthorized purchases and collect personal information for exploitation.
It is not clear at this time whether the hacks are due to a compromise of Teamviewer’s own servers, or due to hackers utilizing leaked passwords from sites such as LinkedIn and attacking account where the owner has reused the password for multiple services.
Update: Teamviewer released an update on their potential hack and its cause. Click here for more information.
Given the serious potential of these attacks, we recommend users of Teamviewer take the following immediate steps:
- If you continue to use Teamviewer, immediately change your Teamviewer account password, and the username/password used to access your PC remotely. Both passwords should be unique and strong (utilizing a combination of letters, numbers, upper and lower case, and symbol characters.) Do not reuse these passwords anywhere else.
- For added security, configure Teamviewer to require confirmation for all access attempts. To do this do the following
a) In the Teamviewer application, go to Options>Advanced and click Configure Access Control
b) Match your access control settings to the below screenshot:
- If you want to be certain that your computer is safe remove Teamviewer using the Add/Remove programs function in your Windows Control Panel. As an alternative, consider Citrix GoToMyPC – www.gotomypc.ca.
- Check to determine if your passwords have been compromised by any of the recent data breaches of LinkedIn, MySpace, or others. You can check your email address at https://haveibeenpwned.com/ to determine if it appears on any known lists of compromised passwords.
- Change any account passwords you find and make them unique and strong.
- Lastly, for any sensitive accounts such as Google or PayPal, implement 2-Factor Authentication, so that signing in from any new device requires inputting an additional one-time code sent to your phone via text message.