A friend of mine sent me the below info from a Reddit post online. There are many other sources reporting that there is a major breach happening.
This issue is not getting enough attention, please spread it.
Users are reporting breaches, and thousands of dollars have been stolen with the client, all over /r/teamviewer and at their support Twitter account. TV is blaming users for reusing passwords, yet users with 2FA and unique, very long generated passwords were hacked.
Some also suggest that their DNS servers were hijacked and the clients believed the fake server, being the method of the attack.
One of the main problems is that they are not taking responsibility (quoted from /u/rich-uk):
Teamviewer is being used as a vector of attack. This has happened on other sites where they had no critical information and within 48 hours everyone’s logged in sessions were logged out, an email went round saying you had to click the link in the email (to verify ownership) and set up two factor auth as they knew they were being targeted. Teamviewer must know they are being targeted, and the stakes are high as the software allows complete access to a trusted machine – it’s basically a master key – and there hasn’t been a single response with teeth from teamviewer.
Update: TV still denies a breach even with this thread linked.
A few links:
- Their official statement blaming users' passwords – archive.is snapshot
- Their support Twitter account with user interactions – [Mirror of some] [canned replies] [in case they take them down], archive.is snapshot of some
- TV threatening writers to change articles
- The /r/teamviewer megathread
- The Register article on the issue – They are getting canned replies too.
- Inquisitr article on the issue
- LogMeIn – Now non-free, and has had a bad reputation since “Microsoft Support” phone scammers used it. Trials available.
- Chrome Remote Desktop – You may not be able to control remotely if the user is not logged in (for unattended access).
- RealVNC – Free only for non-commercial use.
- TightVNC – Free for any use, open source.
- UltraVNC – [AdBlock blocking] uvnc.com is their site, ultravnc.com seems to be redirecting to RealVNC – domain squatting?
- Remote Desktop Connection – Built-in, only for Windows, third party clients available.
- GotoMyPC – Paid with trial.
- ScreenConnect – Paid with trial.
- Bomgar – Paid, seems to be more aimed at enterprise users.
- Other remote desktop software on Wikipedia