TeamViewer Denies Being Hacked, Users Not So Sure

UPDATED with comment from TeamViewer.

Something not right happened today (June 1) with TeamViewer, the remote-desktop application installed on tens of millions of computers and smartphones worldwide.

Credit: Minerva Studio/Shutterstock

(Image credit: Minerva Studio/Shutterstock)

As the service went offline for several hours, users flocked to Reddit to say their TeamViewer installations had recently been hacked, with several saying their online bank accounts had been cleaned out.

TeamViewer itself says there is no hack or data breach, and any account hijackings stem from reuse of passwords compromised in the recently disclosed LinkedIn, Tumblr and MySpace breaches. We've reached out to the company for comment and will update this story when it responds.

MORE: What to Do After a Data Breach

"I believe I got hacked Saturday morning through TeamViewer," wrote Reddit user Morblius. "They accessed my PayPal and transferred $3,000 from my PayPal account to theirs."

"I think they got past 2fa," wrote bobsagetfullhouse, referring to two-factor authentication. "I see a connection to my PC around 2:30 a.m. last night. Good thing I have a strong windows password."

"I went to look at my active login sessions and there was a session 2 days ago from China," wrote smjiko. "My computer has been away in repairs for the last 5 days but TeamViewer has been running while they were attempting to repair the PC."

None of the Reddit accounts could be independently verified.

TeamViewer itself tweeted that "we are currently experiencing issues in parts of our network," while the separate TeamViewer Support account stated that "we have no security breach."

In a blog posting dated May 23, the German company said that any reports of account hijackings stem from "careless use, not a potential security breach on TeamViewer's side."

"TeamViewer is safe to use, because TeamViewer has proper security measures in place including end-to-end encryption to prevent man-in-the-middle attacks, anti-brute-force means, and more," the blog posting added. "Unfortunately, users are still using the same password across multiple user accounts with various suppliers."

TeamViewer is used by consumers and enterprises to remotely access computers and mobile devices. It runs on Windows, OS X, Linux, Chrome OS, Android, iOS, Windows Phone and BlackBerry.

Consumers, for whom it is free, use the software to access their home computers from work, and vice versa. Enterprise customers, who must pay for a license, use TeamViewer to monitor and troubleshoot PCs deployed across the workplace.

Even tech-support scammers use TeamViewer, persuading victims to let them install the remote-desktop client to "fix" the machines (but really show them ordinary processes that the scammers say demonstrate malware infection).

The software relies on the TeamViewer company's servers to make the initial connection between two machines, and the company says the TeamViewer software has been installed on more than 1 billion devices worldwide, with more than 20 million active at any given time.

UPDATE: Following our inquiry, a TeamViewer representative provided a press statement that read in part: "TeamViewer experienced a service outage on Wednesday, June 1, 2016. The outage was caused by a denial-of-service attack (DoS) aimed at the TeamViewer DNS-Server infrastructure. TeamViewer immediately responded to fix the issue to bring all services back up.

"Some online media outlets falsely linked the incident with past claims by users that their accounts have been hacked and theories about would-be security breaches at TeamViewer. We have no evidence that these issues are related."

The statement also obliquely warned user to avoid downloading TeamViewer software from free-software repositories, which often bundle installers with unwanted programs.

"Users should avoid all affiliate or adware bundles: While users may think they are just downloading a harmless program, the software could in fact install something else," the statement said. "Users ought to download TeamViewer only through the official TeamViewer channels such as the TeamViewer website"

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

  • Rocky_6
    I got hacked too. I can guarantee its TEAM VIEWER breach. I run computer and cell phone repair business. I use team viewer a lot. My computers have latest anti virus running and we scan our machines weekly. Team viewer shit down all their services for several hours to disconnect all hijackers. I uninstalled team viewer and will be looking for alternative. If they at least told the true, I would kept a software. I am encouraging everyone to stay away from TV.
  • k1664
    How can you guarantee it though? It may be coincidence that they shut their service down the day you got hacked but do you have proof?

    I have Teamviewer running on my system 24/7 and have never had it cause issues.

    Just seems to be a good scapegoat for people with lax security in other areas to blame a service such as Teamviewer.

  • kamy2014
    I got hacked too and it's definitely from Teamviewer security breach as I used different password than my LinkedIn account. During the day, while I was using TV, I noticed a sudden change of screen resolution on the remote session, then followed by inability to login to TV. Shortly after that, I got a call from Paypal who identified a bunch of suspicious charges on my account costing >$2500. Also, two transactions with total of $1500 giftcards were being posted on my Amazon account. TV's denial to their security breach has made me lost faith in that company completely. Who can trust a company that is not telling the truth? If they could be upfront and admit what truly happened, I might still give them a second chance, but not anymore now...
  • Nick_91
    Add my voice to the growing group of people talking about this.
    About 3 months ago, the same thing happened to me.
    Someone logged in to my computer via teamviewer... jumped into chrome, grabbed my passwords, bought gift cards via paypal, etc.

    It wasn't a weak password... it wasn't "lax security"...

    Teamviewer denied responsibility then... suggested that it might be because I use the same login info elsewhere (I don't) and would not give me additional info.

    They suggested two factor auth... and using the whitelist.

    They also said the following:
    "Due to data security laws in Germany, we can give out IP addresses only directly to the police, after receiving an official request.
    If you want to report this to the police, please find enclosed a request form for REQUESTING MUTUAL LEGAL ASSISTANCE IN CRIMINAL MATTERS FROM" which should be given to the Police department you will contact.
    They should also be provided with all logs involving TeamViewer from your PC.
    Please ask the Police to send the request to Federal Office of Justice in Germany."
  • k1664
    Ok, so is the assumption that Teamviewer passwords are stored on Teamviewers servers and not encrypted somewhere locally like in the registry? And that they got hacked and all passwords leaked?

    If not how exactly were end users effected? I ask this as someone that uses TV but does not have an account with them so I am generally interested.

    2FA is well worth it though is TV have that as an option.

    I have been reading all the articles regarding this and still cannot see why people are so sure it's TV that was the way in rather than some other form of infection or attachment to a botnet, which for everyone saying they're not they likely as not would not know unless they were looking for it.

    Regardless of wether I think it was them or not I am intrigued as to why people are so sure when there are so many other ways hackers can attack systems these days, yes Flash I'm looking at you!

  • Nick_91
    I don't know how they are gaining access to the systems. They may not be using passwords at all... we don't know at this point.

    What we do know, is that there are quite a few people who have been hacked THROUGH Teamviewer.

    How do we know?
    The logfile shows the connection. Teamviewer activates... and someone is actively "using" the computer remotely.
  • Jeremy_44
    I got hacked on may 27th, I was at home, and I discovered after reading these articles that it was through TV on my office computer that they gained access to my PayPal account. $8k USD was spent in under 2 hours.

    It was 5:30am and didn't realize it at the time, so I was bewildered when I couldn't stop the transactions from going through even though I had changed my Paypal password several times. Finally when the customer support at PayPal opened at 6:00am my time where they able to lock my account down and prevent the outflow of money.
  • k1664
    @Nick_91 : I agree that we simply do not know at this point wether it is passwords that were the weakness, Im still curious if and how this is the case only for people with accounts, as otherwise the password should be stored locally.

    You keep saying we do know it was through Teamviewer, but I don't see how people are still so sure, there are various reports stating simlar things, but some going back to earlier in the year which would indicate its a gradual attack suddenly getting larger over the last few days which many people are saying was the cause of the shutdown.

    More likley anyone affected has another weakness on their system, either a RAT installed or a botnet infection, if a hacker has access and sees a Teamviewer process running it would be easier for them to use it then various command prompts. A log would then of course show a connection from Teamviewer but it doesn't confirm 100% that this was the original entry.

    Don't get me wrong, I use Teamviewer and if they are somehow to blame I hope they and any other corporation with lax securuity and customers details are taken to task for it, but I'd say it's from from certain with no solid evidence from either side.

  • Rocky_6
    I can guarantee that Team Viewer got hacked, because I had 5 machines on my account. All machines were accessed through team viewer and they tried to log in to paypal and amazon accounts on all computers. I have 3am browser history. They were able to access my business computer and withdraw money and I am still waiting on paypal to refund me over $600 in charges.
  • it is teamviewer i just watched my pc get get taken over and paypal was being typed in after teamviewer popped up and logged in by itself i will report it