Mass-Hacking of TeamViewer Accounts – How to Confirm If You’re a Victim
Last week, a number TeamViewer users complained online that their accounts were breached. From PC hijacking to accounts being used for making purchases, there was a stream of user complaints. TeamViewer, however, persisted that it wasn't attacked and that user accounts were being hacked due to their careless password practices. Turns out the company which supplies remote desktop and control systems, has suffered from a breach (it still doesn't admit) that resulted in mass-hacking of user accounts. Wondering whether you have also been affected? Read on to find more details on how to confirm if your account is being accessed by hackers.
TeamViewer hack affects a "significant" number of users
Blaming the account breaches on the latest password dumps that have come from LinkedIn, MySpace and Tumblr resulting in over half a billion of leaked passwords, TeamViewer said that its users were being hacked thanks to their careless password practices.
As you have probably heard, there have been unprecedented large scale data thefts on popular social media platforms and other web service providers. Unfortunately, credentials stolen in these external breaches have been used to access TeamViewer accounts, as well as other services.
We are appalled by the behaviour of cyber criminals and are disgusted by their actions towards TeamViewer users. They have taken advantage of common use of the same account information across multiple services to cause damage.
While the latest password dumps may have helped hackers in getting access of more accounts, the reports of these hacks go back to a good few months and have only now escalated. After a major online uproar against TeamViewer blaming the users for being hacked, the company has now apologized for its "choice of words,"
So you want to be extra careful, and that's what we meant to bring across. We're deeply sorry if we offended anyone by our choice of words.
It's really important to understand that TeamViewer is a tool that needs to be used sensibly and extremely smartly.
How to confirm if you are also a victim of TeamViewer hack
If you are wondering whether your TeamViewer has also been hacked, head over to the TeamViewer Management Console website and log into your account. Click on your username in the top-right corner and then click on Edit Profile > Active Logins. This list will contain every device and location from where your account has been accessed.
For more details, you will have to access TeamViewer log files to see if anyone else has been using your account. Accessing QuickSupport logs differs on every operating system, here is how you access them on your Windows or OS X computer.
1- Access TeamViewer log files on Windows:
- Click on the tool kit symbol in the upper right corner > Open Logfiles...
- Open the files named ConnectionFirst.
TeamViewer full version + Host module log files on Windows:
- Click on Extras in the menu > click on Open log files...
- Open the files named Connections_incoming.txt and Connections.txt
2- How to open log files using Linux:
- Run the command teamviewer -ziplog (with root).
- Unzip the zip file and open the files named Connections_incoming.txt and Connections.txt
3- How to open log files using OS X:
- Go to Applications > Utilities > Console to start the Console app.
- Go to Files > ~/Library/Logs/TeamViewer and open Connections.txt
Once you open the log files, look for any logins that have been made using an IP address that is not yours. If there are logins from other locations, you are probably a victim of TeamViewer hack too. Also search the logs for "webbrowserpassview.exe," and if you find a result, it's time to change your password.
If you have been affected...
- Change your password immediately,
- Report to Team Viewer,
- And enable 2-step authentication.
You can enable 2-step verification from Edit profile > General > Activate link > Two factor authentication. Follow the onscreen instructions and Save the changes.
Even if you haven't been impacted, it is important to change your passwords if you have been using same passwords for the last few years. In the wake of latest password dumps, it has become even more important to make stronger password choices on every online account that you use.
Have you been affected by the latest TeamViewer hack? Don't forget to share your story with us.