Heads up, TeamViewer users. There's trouble in the air, and it's not quite clear where it's coming from. The software is making inroads into remote banking automation, though not in the form one would expect. Many users are reporting that their TeamViewer-enabled computers were broken into by unknown attackers, who proceeded to clean out PayPal accounts, order gift cards and items from online stores, and perform other equally helpful operations. The company has issued a statement indicating there was no security breach on its servers, and attributes the break-ins to poor password choices and a piece of Windows malware currently in the wild.
The TeamViewer software offers cross-platform remote control functionality. While the most common method for using it is on a single machine with a randomly-generated username and password, the service also allows users to have a site account to keep a collection of computers and optionally log into them directly. The company may have a point about weak passwords. The recently-reported LinkedIn and Tumblr breaches have potentially exposed over 100 millions passwords, and it's a well-known fact that many users can't be bothered to pick a more imaginative password than "firstnameyearofbirth."
There's a fly in TeamViewer's ointment, though. Some users that reported break-ins had the service's two-factor authentication enabled, which should have prevented unauthorized access even if the attacker was holding the correct credentials. That would leave the Windows malware as the only avenue for exploitation. The company's servers were down for about three hours, too, although the relevance of that fact is open to interpretation.
TeamViewer says a DDoS attack was targeting its DNS servers, although predictably, many users aren't convinced. A few of them actually caught the miscreants in the act, too. TR gerbil "HorseIicious" told us his tale of woe, mercifully to the tune of "only" $175. The company is recommending that users contact law enforcement agencies about the break-ins.
|Intel's Core i5-8250U CPU reviewed||46|
|Cranberry Relish Day Shortbread||5|
|FSP CMT-series cases keep it clear and simple||3|
|Wednesday deals: sweet displays, a $150 Ryzen 5 1500X, and more||10|
|MSI Optix MAG24C gaming monitor offers a lot of color for a little cash||8|
|Intel patches new vulnerabilities in its Management Engine||38|
|National Stuffing Day Shortbread||19|
|Tuesday deals: a 4K monitor, a 1 TB SSD, and much more||23|
|Break records with EVGA's GTX 1080 Ti Kingpin Hydro Copper Gaming||13|
|Working on it.||+23|