TeamViewer claims user password practices are behind spate of attacks

Users of remote access software report PC takeovers by hackers - but company suggests users are at fault

Users of TeamViewer, remote login software that enables PCs to be accessed over the internet, claim that the software has been used in a series of attacks that have, in some cases, led to the theft of money from PayPal and bank accounts.

The company behind TeamViewer claims that the attacks are the result of users' password practices - either using easy-to-crack passwords, or passwords used in multiple accounts that have been cracked elsewhere. However, user complaints were lent credence after an IBM security researcher reported a TeamViewer account takeover.

"In the middle of my gaming session, I lose control of my mouse and the TeamViewer window pops up in the bottom right corner of my screen. As soon as I realise what is happening, I kill the application. Then it dawns on me: I have other machines running TeamViewer!" wrote IBM's Nick Bradley.

He continued: "I run downstairs where another computer is still up and running. Lo and behold, the TeamViewer window shows up. Before I am able to kill it, the attacker opens a browser window and attempts to go to a new web page. As soon as I reach the machine, I revoke control and close the app. I immediately go to the TeamViewer website and change my password while also enabling two-factor authentication."

Bradley suggests that the attack he was subjected to was reconnaissance by the attacker. "The attacker was simply going from one compromised machine to the next to identify who the victim was and what the timezone was, as demonstrated by the URL the attacker tried to go to."

However, the security researcher was unable to reach any conclusions over how the attacker gained access to his TeamViewer account - not just on one PC he was running, but both.

Opinion on the Reddit thread where victims of the attack have shared their story is mixed. Some suggest that the cause is a combination of weak and re-used passwords, but others suggest a direct attack on the infrastructure of TeamViewer, the Göppingen, Germany-based company behind the software.

In a statement, the company behind TeamViewer blamed users' password practices: "There have been unprecedented large scale data thefts on popular social media platforms and other web service providers. Unfortunately, credentials stolen in these external breaches have been used to access TeamViewer accounts, as well as other services," claimed the company.

However, the company said that it intends to implement new security measures, including asking for explicit authorisation for any new device before access to a user PC is granted. A ‘data integrity’ check will enforce a password reset if a user account displays signs of unusual behaviour, it added.