Dive Brief:
- A number of TeamViewer users say their machines were recently hijacked and a spokesman confirmed to Ars Technica that the number of those impacted was "significant."
- TeamViewer, a service that allows users to remotely log into computers, experienced an outage on June 1 due to a DDoS-type attack, but the company maintains that it has not suffered a data breach.
- Instead, TeamViewer has pointed to a number of large breaches that exposed more than 642 million passwords for users on LinkedIn, MySpace and others, Ars Technica reported.
Dive Insight:
"There is no evidence to suggest that TeamViewer has been hacked," the company said in a statement. "Neither do we have any information that would suggest that there is a security hole in TeamViewer. Therefore it is important to stress there are no TeamViewer hackers, but rather data thieves that will steal information from other sources."
Some Reddit users "claimed to have had their TeamViewer accounts compromised, bank accounts drained, gift cards purchased and more," Network World reported.
The company pointed to several breaches involving social networking sites like LinkedIn, MySpace, Tumblr and Fling. In some of those cases, user names and passwords were recently sold by hackers, which could indeed mean the TeamViewer hijacks were due to password reuse.
Nick Bradley, an IBM security researcher who himself experienced an attempted hijack via TeamViewer, said he believes password reuse could indeed be the problem. "At this point, I figured this was most likely due to me not changing my leaked password on TeamViewer," Bradley wrote.
Regardless, TeamViewer launched two new security measures in response, and also warned people against reusing passwords across multiple accounts.
A recent Gigya study found that only 16% of respondents follow password best practices by creating a unique password for each online account, 6% use the same password for all accounts and 63% use seven or fewer passwords across all their online accounts.