Users of TeamViewer, a service for remote computer access and desktop sharing, are accusing the company of being hacked after several reports of people’s computers being breached and even PayPal and bank accounts emptied.
Reddit users were some of the first to notice the breaches weren’t limited to a few incidents and in some cases, date back a few weeks.
Then Nick Bradley, a cyber threat researcher at IBM, fell prey to the supposed hack. While in the middle of a game, his mouse cut off and TeamViewer opened up with any prompt. “As soon as I realize what is happening, I kill the application. Then it dawns on me: I have other machines running TeamViewer!” he wrote. Luckily as he was present with his other computers at the time, he was able to interrupt the attacker’s plans and then change his password.
TeamViewer has since acknowledged the incident, but has placed the blame on users reusing passwords that may have already been compromised. User accounts connected to a number of major services including LinkedIn, MySpace, and Tumblr, have be revealed as compromised in recent weeks.
In a statement on Friday, TeamViewer spokesperson Axel Schmidt said the company contends cyber criminals accessed users’ accounts with stolen credentials from other data breaches. In other words, the company believes that people reusing the same passwords has caused this issue.
“We are appalled by the behavior of cyber criminals, and are disgusted by their actions towards TeamViewer users. They have taken advantage of common use of the same account information across multiple services to cause damage,” said Schmidt.
With the statement the company also announced two new security features to assist users – “Trusted Device,” a new option for enrolling a trusted device, and “Data Integrity,” an automated account monitoring feature.
Furthermore, TeamViewer did in fact suffer a DoS attack during the week that disrupted the network, but the company insists there was no security breach.
TeamViewer users still feel that the company isn’t taking enough responsibility and some users are struggling to buy the stolen credentials explanation as the sole source of these breached accounts.
But with no obvious alternative, it’s hard to say where else the blame might be placed.
For now, if you’re a TeamViewer user, make sure you don’t use the same password used on any other account. It’d also be a good idea to change your current password, just to be on the safe side.