Remote support software company TeamViewer continues to contest claims this week it was hacked and instead claims that password reuse and careless user actions may have led to some of its customers’ machines being compromised.
The German company has been vigilant with its stance since posting a statement on the issue last Monday, but that hasn’t stopped customers from venting online since.
Users flooded both Twitter and Reddit with further accusations this week, complaints that were only compounded by a denial-of-service attack that brought the company’s DNS servers offline for a period on Wednesday. TeamViewer assured users via email that it was back up and running early Wednesday afternoon, and used the opportunity to insist the downtime was not the result of a security breach.
We are back up and running again. However it may take some time until all regions are back to regular service.
— TeamViewer Support (@TeamViewer_help) June 1, 2016
On Reddit, one customer Wednesday claimed an attacker attempted to access his Yahoo, PayPal, and Amazon accounts through TeamViewer. Another claimed an attacker managed to hack him through his smart television. TeamViewer extended remote support to smart TVs earlier this spring. Another user claimed he had his PayPal account drained and that an individual went on a “spending spree buying giftcards, XBox Live memberships, skinny jeans, and a $450 jacket,” making roughly $3000 in purchases.
The company stressed that using the same password for TeamViewer across multiple platforms and caching account credentials in browsers could have led to account compromise and many of the reported hacks.
Astute TeamViewer users on Reddit are encouraging users to check their browser history, PayPal transactions, and TeamViewer logs for suspicious activity. Other users are encouraging customers who think they may have been hacked to do a search for “webbrowserpassview.exe” in their logs. If it shows up, users might be well served to change their passwords, because the software, a password recovery tool, can export saved browser credentials. Assuming an attacker has access to a system, it’s possible they could glean additional account credentials by copying the program and any stored credentials.
Troy Hunt, who runs the data breach repository HaveIBeenPwned.com, pointed out Wednesday that given all of the recent breaches (LinkedIn, MySpace, Tumblr) TeamViewer’s explanation for their users’ troubles is “entirely possible.”
TeamViewer is pointing to password reuse, which is entirely possible given the recent big breaches https://t.co/I8fnJUMpdb
— Troy Hunt (@troyhunt) June 1, 2016
In its statement TeamViewer urged customers to use a different password for their account and change it regularly, and also to use two-factor authentication, a feature it launched in 2013. The bulk of users who claimed they were hacked on Reddit acknowledged they didn’t have the security mechanism enabled at the time of the attack.
The company is encouraging customers who feel like they’ve been hacked to contact their local police departments.
“This is particularly important because TeamViewer is subject to very strict data protection and privacy regulations, and can release sensitive data only to authorized individuals and authorities,” the statement reads.
A rash of years-old website breaches that spilled the credentials of nearly 590 million combined users have come to light over the last several weeks. One of the affected sites, MySpace, was initially hacked in 2008 but it wasn’t until this week that information leaked on 360 million of its users, including their email addresses and the unsalted SHA-1 hashes of the first 10 characters of their passwords, was sold publicly online. Two weeks ago information on 164 million LinkedIn users, including email addresses and passwords stored as SHA-1 hashes without salt, were exposed.
Cracking a password without a salt is far easier, and could potentially be at the root of the TeamViewer issue, especially for any users who may use the same password across multiple services.