PSA: TeamViewer servers have been hacked.

Hello, everyone!
I know it's been a while since I've played but seeing as how a lot of Aetolia players use TeamViewer for helping with Mudlet remotely, I wanted to make sure I spread the news about this ongoing situation - hopefully in time to be of help! I was actually introduced to TeamViewer by a fellow Aetolian but never registered it and have found no sign yet of being among the victims. Phew!

If you have TeamViewer installed, you are potentially at risk - especially if you are registered.

Despite the company's repeated denials, TeamViewer's servers have apparently been hacked recently and people from all over are being hit by hundreds to thousands of dollars' worth of fraudulent purchases ever since May 28th. It's not clear yet if it's only limited to registered users but it's being recommended to remove the program whether registered or not. What's happening is that a computer which has TeamViewer installed will get connected to remotely, sometimes right in front of a person using it. The hacker proceeds to take control of the mouse to visit merchant websites and also install password-sniffing software. On those computers where the person has saved passwords in the browser that simply auto-fill on PayPal, Amazon, eBay, and other such online merchants, the hacker then just logs in and begins making purchases straight from the victim's own computer, thereby bypassing most security measures. It should be noted that a little 'session' window is generally visible in one corner of the screen while this is going on but when the hacker notices any mouse movement or computer activity that they haven't initiated, they drop connection immediately and go to the next target.

So I repeat..
If you have TeamViewer installed, you are potentially at risk - especially if you are registered.

The program runs constantly, even when closed. You can verify this yourself by going to the log file inside its folder, which will let you see its constant activity and check the IP addresses listed. If you're registered, another thing to do is log in and check the account's recent connections. There is a whole slew of information on what to do to see if your computer has been accessed already, but be warned if you have a TeamViewer account and go to change your password or add 2-factor authentication if you didn't have it already (not that it will help protect you during this situation!), that list of recent connections will be WIPED CLEAN. Be sure to check the recent connections first and take screenshot evidence of any suspicious connections (generally from China in this case) before making any changes to your TeamViewer account.

The thing to keep in mind here is that this is not simply a case of the victims using poorly chosen TeamViewer passwords or insecure methods of access resulting in their security being compromised, as the company has tried to claim - even victims who already have two-step authentication on their TeamViewer accounts have been attacked. On the upside, PayPal is apparently aware of this issue and has been very quick to act as more and more customers report the fraud to them, so if you're a victim of this, make sure you reference the issue as being the TeamViewer remote hack. It's currently recommended that PayPal users enable 2FA to help minimize their risk from this and future hacks.

Here are some links to read up on:
The Register's article

TeamViewer Subreddit, lots of useful posts and security tips

ZDNet's article on the issue

One of Reddit's numerous articles, this time from the Technology Subreddit

Paypal's 2FA security page

haveibeenpwned.com, a site to check your email addresses against website data breaches that may have revealed your passwords

Stay safe, puppers.
(Web): You say, "I know there's something I'm forgetting.."
(Web): Sevaan says, "You forgot to border the letter with macaroni art?"
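The log check described in the post above, as an added example that is not part of the original thread or of TeamViewer's own tooling: it pulls every non-local IPv4 address out of a log, with the number of lines it appears on and the first and last timestamps, so the list can be saved as evidence before any account settings are changed. The sample lines are constructed and their layout is an assumption, not TeamViewer's documented log format.

```python
import ipaddress
import re

# Constructed sample lines. The layout (timestamp first, free text after) is an
# assumption, not TeamViewer's documented log format. Public-looking addresses
# come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2016/06/01 02:14:07.101 1234 5678 S0 Negotiating session with 203.0.113.45:5938
2016/06/01 02:14:09.440 1234 5678 S0 Local endpoint 192.168.1.20:49211
2016/06/01 02:31:52.008 1234 5678 S0 Session closed, peer 203.0.113.45
2016/06/02 19:03:11.730 1234 5678 S0 Keepalive to 198.51.100.7:443
2016/06/02 19:03:12.001 1234 5678 S0 Version 11.0.59518 loopback 127.0.0.1
"""

# Four dot-separated groups that are not part of a longer number or version.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
STAMP = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})")
# Addresses that belong to the local machine or LAN and are not remote peers.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def external_peers(log_text):
    """Return {ip: {"count", "first", "last"}} for non-local IPv4 addresses."""
    peers = {}
    for line in log_text.splitlines():
        m = STAMP.match(line)
        stamp = m.group(1) if m else "unknown"
        for candidate in IPV4.findall(line):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # e.g. 999.1.1.1 or a version string
            if any(ip in net for net in LOCAL_NETS):
                continue
            entry = peers.setdefault(
                str(ip), {"count": 0, "first": stamp, "last": stamp})
            entry["count"] += 1
            entry["last"] = stamp
    return peers


if __name__ == "__main__":
    for ip, seen in external_peers(SAMPLE_LOG).items():
        print(f"{ip:15}  lines={seen['count']}  "
              f"first={seen['first']}  last={seen['last']}")
```

Run it over a copy of the log rather than the live file, and keep the output alongside the screenshots of the account's recent connections.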

Comments

  • Hit me last night, but I was there so I just closed everything down. But yeah, what a headache. Thanks for the update, glad to know it wasn't just me being slack!

    Arbre-Today at 7:27 PM

    You're a vindictive lil unicorn
    ---------------------------

    Lartus-Today at 7:16 PM

    oh wait, toz is famous

    Karhast-Today at 7:01 PM

    You're a singularity of fucking awfulness Toz
    ---------------------------
    Didi's voice resonates across the land, "Yay tox."
    ---------------------------

    Ictinus-11/01/2021

    Block Toz
    ---------------------------

    lim-Today at 10:38 PM

    you disgust me
    ---------------------------
    (Web): Bryn says, "Toz is why we can't have nice things."

  • Aishia (Queen Bee)
    sleep tight puppers
  • Trager (Raiding your underwear drawer.)
    Jokes on them, my bank account is already empty.

    But thanks for letting us know, @Isande, just went and uninstalled.
    Indoran'i is back baby. It's go-... Oh.


  • Personally, I'll take my chances. I use different passwords for every site I use and game I play. No one password is the same. Likewise, I don't have my browser remember passwords and I hardly ever use my computer to buy stuff from Amazon or check my bank.

    Also, if they want your stuff, they're gonna get it. There's multiple different ways to do this, this is just one new way they've temporarily found until Teamviewer locks down their security more. Plus, my bank is awesome and calls me whenever there is any questionable purchase over a certain limit or that just doesn't seem right. I've even been called about Aetolia purchases.

    I'd say just be cautious, but no need to be -afraid- of Teamviewer.
    (Oasis): Benedicto says, "There was like 0.5 seconds between "Oh hey, they're in area. That was quick." and "OMFG THEY'RE IN THE AREA STAHP STAHP!""


  • Trager (Raiding your underwear drawer.)
    Zsadist said:

    Personally, I'll take my chances. I use different passwords for every site I use and game I play. No one password is the same. Likewise, I don't have my browser remember passwords and I hardly ever use my computer to buy stuff from Amazon or check my bank.

    Also, if they want your stuff, they're gonna get it. There's multiple different ways to do this, this is just one new way they've temporarily found until Teamviewer locks down their security more. Plus, my bank is awesome and calls me whenever there is any questionable purchase over a certain limit or that just doesn't seem right. I've even been called about Aetolia purchases.

    I'd say just be cautious, but no need to be -afraid- of Teamviewer.

    I think you need to reread some of the things that were posted, as well as do some research of your own, before throwing out some really ignorant advice. The losses so far, for those that even know, are astronomical and only getting higher.

    You sound like you work for Teamviewer, with what they've been saying through it all.


  • Let's play a game, shall we? A game of logic.

    How is this ANY different from when Sony's servers were hacked back in April 2011 and millions of people had their personal and CC information breached? People still continue to subscribe and buy stuff from the Playstation store (even after Sony was hacked), to this day.

    https://www.theguardian.com/technology/2011/apr/26/playstation-network-hackers-data


    Or how is it any different from when Blizzard had their servers hacked and users had their information stolen? People still subscribe to Blizzard and play their games.

    http://www.ibtimes.co.uk/blizzard-battle-net-hacked-servers-diablo-3-372316

    It's not ignorance to tell people to be cautious, because that's exactly what Sony and Blizzard did. In this day and age, you cannot protect yourself 100% from cyber threats out there. No matter what security system a company may have (Sony, Microsoft, Blizzard, Teamviewer, Netflix, etc), if someone wants to hack it bad enough and has the knowledge, time, resources to do so, they're going to hack it.

    Are there reported losses? Sure. However, that doesn't mean you need to be AFRAID of Teamviewer being on your computer. People obviously weren't afraid to keep playing WoW, Starcraft, D3, or any game on the PS Network. Why should you be afraid to keep Teamviewer installed on your computer?


  • I think the difference is, 'Hey there was this slip of security and a lot of personal information got out, but we're working to figure out how we can lock things up better in the future' versus 'Right now at this moment, there is an ongoing threat of people who are taking control of computers and fucking you over. So like literally right now shut your shit off pls.'

  • Zsadist said:

    Let's play a game, shall we? A game of logic.

    How is this ANY different from when Sony's servers were hacked back in April 2011 and millions of people had their personal and CC information breached? People still continue to subscribe and buy stuff from the Playstation store (even after Sony was hacked), to this day.

    https://www.theguardian.com/technology/2011/apr/26/playstation-network-hackers-data


    Or how is it any different from when Blizzard had their servers hacked and users had their information stolen? People still subscribe to Blizzard and play their games.

    http://www.ibtimes.co.uk/blizzard-battle-net-hacked-servers-diablo-3-372316

    It's not ignorance to tell people to be cautious, because that's exactly what Sony and Blizzard did. In this day and age, you cannot protect yourself 100% from cyber threats out there. No matter what security system a company may have (Sony, Microsoft, Blizzard, Teamviewer, Netflix, etc), if someone wants to hack it bad enough and has the knowledge, time, resources to do so, they're going to hack it.

    Are there reported losses? Sure. However, that doesn't mean you need to be AFRAID of Teamviewer being on your computer. People obviously weren't afraid to keep playing WoW, Starcraft, D3, or any game on the PS Network. Why should you be afraid to keep Teamviewer installed on your computer?

    Last night someone was literally moving my mouse around, and three nights ago someone was literally installing a keylogger on my grandmother's computer via the TV breach. They have 100% access to YOUR COMPUTER. Save a password for a website? They now have that. Got some sensitive data saved? Theirs now too. Access to shared drives? Copy/paste. Oh yeah and here's Cryptolocker because they can turn off your AV with a single right-click. Everything you can do on your computer, they can do, if you have TV installed and were impacted by this breach. If some jackass has half my CC number from the Sony breach, they can't do any of the aforementioned things. This is beyond identity theft, this is literal computer hijacking and that is so many magnitudes more scary that I can't comprehend someone not being alarmed by it.

  • Honestly, I'm waiting for an actual cyber security expert to come out and say what happened. I've searched and read a lot of articles but there's nothing out there from anyone who is actually in the field.

    Now that being said, I did change my password (it was already unique, but figured why not) and have been keeping an eye on activity. I think it's less likely that they pulled the login information from TV's servers and way more likely that this used a combination of previous attacks timed with this DDoS of TV's servers.

    It's hard to tell what's going on, and obviously this is a touchy subject, but remember that leaving things auto-logged in like emails/bank accounts/credit card accounts is a bad idea. Using the same or similar passwords across systems is also a bad call. And whenever you're in doubt, change the password.

    If you worry about not being able to remember your password, there are plenty of password solutions out there that will generate a string of hex (very secure) for each password uniquely and save it locally in an encrypted file. Just remember to never save a password in plain text.

    As a side note, I'm working on my MS degree in cyber security, so this is all very fascinating. If anyone has an article or report from an actual expert in the field on this, could you please share because I would love to read it.
    Melantha says, "Just as I have earned the title of Mistress." You say, "Oh, I thought you got that other ways." You cough softly. Melantha tilts her head curiously at you. Melantha asks, "Is that something I should punch you for?" You look at Melantha and give her a sad nod. Melantha thrusts her arm out in a quick jab at you. She connects! Melantha asks, "Do try to avoid that in the future, hm?"
  • Trager said:

    Jokes on them, my bank account is already empty.

    But thanks for letting us know, @Isande, just went and uninstalled.

    Hah! I feel you there. You're welcome.

    Toz said:

    Hit me last night, but I was there so I just closed everything down. But yeah, what a headache. Thanks for the update, glad to know it wasn't just me being slack!

    I'm glad you were right there and able to stop the intruder from doing any harm on your computer, Toz. You're lucky! Hope your grandmother's computer is alright now and that she didn't suffer any monetary or other losses as a result of this fiasco.

    Toz said:

    Zsadist said:


    Why should you be afraid to keep Teamviewer installed on your computer?

    This is beyond identity theft, this is literal computer hijacking and that is so many magnitudes more scary that I can't comprehend someone not being alarmed by it.

    Looking at some of your replies, I'm not certain if you read everything, Zsadist. This doesn't seem to be just an issue of poor password choices as people with 2FA active have been hacked too - unless all those people's email accounts were also compromised, of which there has been absolutely no mention so far. This all points at a deeper problem within the servers themselves. That being said, you did pose a question I can answer! If you feel confident and want to take your chances, that's certainly your prerogative, considering your skillset. You need to keep in mind though that the combination of your password habits, technical skillset, and capability to handle an attack likely don't match the average user, for whom removing the vulnerable program is simply the best bet. Operating under the assumption this is purely a password-related compromise, anyone who isn't 100% certain in their password diversity and strength should be afraid to keep the program on their computer.

    Urial said:

    If anyone has an article or report from an actual expert in the field on this, could you please share because I would love to read it.

    The problem here is that no one is really sure exactly how it's happening. TeamViewer, instead of being proactive, isn't doing much to help clarify the issue other than to repeatedly deny there has been any info breach in the first place and blame it all on the users. However, an Ars Technica article I just read mentions there was an IBM security researcher among the early hijack victims and links to his article on the experience where he offers some opinions.