Heads up, TeamViewer users. There's trouble in the air, and it's not quite clear where it's coming from. The software is making inroads into remote banking automation, though not in the form one would expect. Many users are reporting that their TeamViewer-enabled computers were broken into by unknown attackers, who proceeded to clean out PayPal accounts, order gift cards and items from online stores, and perform other equally helpful operations. The company has issued a statement indicating there was no security breach on its servers, and attributes the break-ins to poor password choices and a piece of Windows malware currently in the wild.
The TeamViewer software offers cross-platform remote control functionality. While the most common method for using it is on a single machine with a randomly-generated username and password, the service also allows users to have a site account to keep a collection of computers and optionally log into them directly. The company may have a point about weak passwords. The recently-reported LinkedIn and Tumblr breaches have potentially exposed over 100 million passwords, and it's a well-known fact that many users can't be bothered to pick a more imaginative password than "firstnameyearofbirth."
There's a fly in TeamViewer's ointment, though. Some users who reported break-ins had the service's two-factor authentication enabled, which should have prevented unauthorized access even if the attacker was holding the correct credentials. That would leave the Windows malware as the only avenue for exploitation. The company's servers were down for about three hours, too, although the relevance of that fact is open to interpretation.
TeamViewer says a DDoS attack was targeting its DNS servers, although predictably, many users aren't convinced. A few of them actually caught the miscreants in the act, too. TR gerbil "HorseIicious" told us his tale of woe, mercifully to the tune of "only" $175. The company is recommending that users contact law enforcement agencies about the break-ins.