I have written about TeamViewer here before, and love the platform. At least until my TeamViewer account was hacked.
After Thanksgiving weekend a couple of years ago, I returned to my office at work and when I began checking my email, I noticed a simple dialogue box on my desktop. “Thank you for using TeamViewer.” The dialogue box indicated the end of a TeamViewer session – one that I hadn’t initiated. I then noticed an application and text file on my desktop. The application was shareware that ferrets out passwords stored in common browsers – Firefox, in my case. The text file was the dump of my username and passwords! I immediately changed all of the passwords on the list and the ones not on the list too and signed up for LastPass which created unique passwords for each site. I also, changed my username or email address attached to the accounts. Several didn’t allow that, but the ones that did, I got new credentials for both.
This is where I got most disappointed and, actually, angry. I contacted TeamViewer technical support and reported the hack immediately via their website and they rebuffed my claim that it couldn’t have happened. OF COURSE it happened! I called a friend of mine who is a computer forensics expert who does some work with my organization, and he traced the login to a number of different countries – clearly there were a number of VPNs and mirror accounts used. The response I received from TeamViewer, even after pushing for them to own their platform facilitated this breach of security was unacceptable, or simply dismissive. I expected some resources to help me recover – they offered none. Perhaps their silence is based on legal requirements, if they admit to the breach then they become legally culpable for it.
The bottom-line for me – connectivity is amazing – and potentially dangerous. Use TeamViewer at your own risk. And don’t expect any recourse should your security be breached. Be proactive, be aware, and vigilant.