This has been a pretty bad week for TeamViewer. The makers of the remote desktop application are under fire after claims that their servers were breached by attackers. Many different users started reporting suspicious activity around the same time.
Some would look at their desktop computers to see their cursor moving and clicking on stuff. Others have claimed that the attackers accessed their web browsers to do stuff like drain PayPal and bank accounts, or to buy stuff on eBay. Strangely enough, TeamViewer’s servers seemed to crash just as all of this was happening.
Despite the timing of these sudden occurrences, TeamViewer is refusing to take responsibility for a breach. In fact, they say anything that’s happening is due to lack of care on the users’ part, such as failing to use strong passwords, enable 2-factor authentication, change passwords regularly and use different passwords for different websites.
It’s odd, then, that all of these account breaches are happening around the same time. Social engineering breach methods typically require the perpetrator to act on whatever data they find shortly after they gather account details, as they have no idea whether the user will change the password soon afterwards, or whether the service will automatically prompt them to reauthenticate their account after seeing suspicious activity. Even more damning is the collection of reports from those victims who do use 2-factor authentication and long, complex, and unique passwords.
All that aside, even if TeamViewer isn’t at fault for any breach, their customer service surely isn’t helping. The only word we’ve heard from the company has been that users need to be more careful, a note that was swiftly followed up with new account security tools just a couple of days later.
All of that is fine and dandy, but why aren’t there more intelligent safeguards in place to help detect suspicious account activity? After all, this isn’t some social network hack — this software gives any attacker access to your ENTIRE machine, which is likely to have an extreme amount of sensitive data on it. To our knowledge, none of the users whose accounts were breached were warned of suspicious activity at the moments their accounts were accessed.
To be honest, it sounds like TeamViewer simply has no idea whether they were breached or not, with their only goal in the interim being to perform as much damage control as possible. It’s pretty alarming that this is what it’s come down to, all things considered.
Whether they were breached or not, finding a new remote desktop application might sound like a good idea. In their attempt to absolve themselves of fault, TeamViewer showed everyone that they’re only interested in trying to protect their name instead of doing everything they can to help protect their users. Flat-out blaming users for the incident and giving a virtual “shrug” to the issue gives me no good feeling that they’ll properly handle similar situations in the future.