Teamviewer hacked
-
Not really much chatter this week about this.
TV is still claiming it was weak passwords and that their 2FA was in fact not compromised. For all the clamoring on reddit, no one has submitted anything to TV yet.
-
GFI came up with a solution to assisting with this issue.
-
@DustinB3403 said in Teamviewer hacked:
GFI came up with a solution to assisting with this issue.
So did I
http://howto-uninstall.windowsuninstaller.org/wp-content/uploads/2013/08/Uninstall-TeamViewer-8.jpg
-
@MattSpeller said in Teamviewer hacked:
@BRRABill said in Teamviewer hacked:
No real updates on this. Same sorts of back and forth it looks like.
Noooooooooo no no. No update. No hack. Ssshhhhh all is ok now.
Is Teamviewer taking a page out of Lenovo's book?
SuperPhish is found, quickly reclassify a bunch of product lines to consumer before admitting to SuperPhish. "But it was only on consumer lines of products!"
I don't see how it could make any difference, but wouldn't surprise me to find out they're trying some sort of cover up.
-
@travisdh1 I don't honestly know
Companies immediately lose 100% of my trust when they handle stuff like this poorly. Teamviewer is a spectacular example.
-
@MattSpeller said
@travisdh1 Companies immediately lose 100% of my trust when they handle stuff like this poorly. Teamviewer is a spectacular example.
How are they handling it poorly?
-
@BRRABill said in Teamviewer hacked:
@MattSpeller said
@travisdh1 Companies immediately lose 100% of my trust when they handle stuff like this poorly. Teamviewer is a spectacular example.
How are they handling it poorly?
Denial, lack of communication and action
-
@BRRABill said in Teamviewer hacked:
@MattSpeller said
@travisdh1 Companies immediately lose 100% of my trust when they handle stuff like this poorly. Teamviewer is a spectacular example.
How are they handling it poorly?
"No hack occurred, nothing to see here"
-
@BRRABill said in Teamviewer hacked:
@MattSpeller said
@travisdh1 Companies immediately lose 100% of my trust when they handle stuff like this poorly. Teamviewer is a spectacular example.
How are they handling it poorly?
At a minimum all I ask is to send out a notice to all customers of EXACTLY what is happening and why. Remediation steps would be a nice addition.
-
@MattSpeller said
At a minimum all I ask is to send out a notice to all customers of EXACTLY what is happening and why. Remediation steps would be a nice addition.
I think they basically did that. They said they were not hacked, it was weak passwords (which they later said was too strongly worded), and that people should take advantage of their other security things they already had in place.
It seems now they are FORCING people to use these security measures. So, much better for security, but it will probably drive away people who don't want to be bothered.
-
-
I have had my work Surface Pro 3 taken over Twice while teamviewer was running. Changed all Passwords, enabled 2FA and it still happened again. Contacted Teamviewer Support and what did they say? They said it must have been my fault and their software had no security holes. My Co-workers computer was also taken over, however he didn't have 2FA enabled. Nothing was compromised on our systems but we are now in the search for a new provider. Teamviewer can no longer be trusted! Their support is crap. They play, let's blame the users and not actually look at our software.
edit: I should add that I had a 18 character password with letters, numbers, caps as well as 2FA enabled plus the normal work security settings. Teamviewer was the hole, not our system.
-
@BRRABill said in Teamviewer hacked:
@DustinB3403 said i
"No hack occurred, nothing to see here"
Has anyone yet proved there WAS a hack?
I don't believe so, but something clearly has occurred. Or people are just out to steal money / buy crap and then claim it was theft due to TeamViewer and dispute the charges with their banks.
-
@david.wiese said in Teamviewer hacked:
I have had my work Surface Pro 3 taken over Twice while teamviewer was running. Changed all Passwords, enabled 2FA and it still happened again. Contacted Teamviewer Support and what did they say? They said it must have been my fault and their software had no security holes. My Co-workers computer was also taken over, however he didn't have 2FA enabled. Nothing was compromised on our systems but we are now in the search for a new provider. Teamviewer can no longer be trusted! Their support is crap. They play, let's blame the users and not actually look at our software.
edit: I should add that I had a 18 character password with letters, numbers, caps as well as 2FA enabled plus the normal work security settings. Teamviewer was the hole, not our system.
While, I personally believe you, and believe that shit happened to TeamViewer, there is no proof. The problem here is that this is only your claim.
No one has been able to provide 100% documented proof.
-
That sucks, sorry to hear that.
Did you reach out to them recently? They have been looking for people who had 2FA on and got hacked.
Also, do you know if you still had the random password on? I know that's something I did, and have recently turned off.
-
@BRRABill said in Teamviewer hacked:
That sucks, sorry to hear that.
Did you reach out to them recently? They have been looking for people who had 2FA on and got hacked.
Also, do you know if you still had the random password on? I know that's something I did, and have recently turned off.
No I haven't reached out to them because the last time I did, they essentially blew me off and told me it was my fault. I contacted them 4 months ago when this initially happened. And yes I have the random password turned off.
-
@JaredBusch said in Teamviewer hacked:
@david.wiese said in Teamviewer hacked:
I have had my work Surface Pro 3 taken over Twice while teamviewer was running. Changed all Passwords, enabled 2FA and it still happened again. Contacted Teamviewer Support and what did they say? They said it must have been my fault and their software had no security holes. My Co-workers computer was also taken over, however he didn't have 2FA enabled. Nothing was compromised on our systems but we are now in the search for a new provider. Teamviewer can no longer be trusted! Their support is crap. They play, let's blame the users and not actually look at our software.
edit: I should add that I had a 18 character password with letters, numbers, caps as well as 2FA enabled plus the normal work security settings. Teamviewer was the hole, not our system.
While, I personally believe you, and believe that shit happened to TeamViewer, there is no proof. The problem here is that this is only your claim.
No one has been able to provide 100% documented proof.
I wonder if the logs would tell anything?
-
I know of one UK MSP who has removed Teamviewer from most of their devices as a result of this, turned security up to 11. It is only left live on 1 server per client site which needs a log in prompt anyway and all security options in TV are enabled.
Soon they will be on to another tool I'm guessing.
Now if TV have not been hacked fine but their PR handling of this is costing them customers, period.
-
@david.wiese said
I wonder if the logs would tell anything?
They should.
It would show all the incoming connections. It should also be in your account section on their website, it should list all connections.
-
On a side note, how does one hack 2FA?
Or does it depend on the implementation?
For example, to log into TV, I use Google Authenticator, and I put that code into the TV website. So, where would the hack be? Hacking the reception portion of TV?
