Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant, please refer to the "Date" section of the header to be sure the advisory is recent as pertains to your situation.
Keywords: teamviewer, remote administration, service compromise
DBSA ID: 2016-06021
Regarding: Teamviewer Compromise (Unconfirmed)
Date: 2016 06 02
Last Modified: 20160602152641 by Kradorex Xeron
Who should take note: Teamviewer Users, Systems Administrators, Remote Support Personnel
Rationale: Action must be taken immediately to isolate oneself from the incident.
Rationale: Financial and user system security is at risk.
Spread of Issue: MULTI-PLATFORM HIGH
Rationale: Teamviewer is a popular software package deployed by numerous individuals, families and organizations to manage user systems remotely.
Teamviewer is a software package for remote system management to enable system administrators, support personnel and helpers to remotely operate computer systems to ease management of the same. Teamviewer offers a centralized mechanism of their software that is managed by their servers to enable their users to manage multiple systems through a central portal. On 1 June 2016, it was detected that the Teamviewer central service infrastructure was taken offline followed by reports of customer paypal accounts having their funds stolen and other reports of systems being compromised running the software.
It is suspected that usernames, passwords, email addresses, customer financial details, system information have been compromised despite the vendor's indication. Additionally, user systems may have been compromised and activity performed on those systems may be known by attackers.
Users who are affected are advised to immediately disable and uninstall the software and to monitor their financial state and to advise Paypal or other financial institution connected to Teamviewer to require seperate authorization for questionable transactions. Users are further advised to treat all emails they receive with suspicion and to only log in to services using known good links. Users who are unable to remove or disable the software are advised to forward this advisory to their System Administrator.
It is strongly advised to reset any passwords stored in browser "Save password" stores and to perform antimalware scans on systems where Teamviewer was installed.
Users are further advised as soon as they can connect to the service, to change all passwords immediately, then again at 2 weeks after.