Why you should already be locking down TeamViewer

Editorial / Security / Tech

Post author: Max Emelianov started HostForWeb in 2001. In his role as HostForWeb’s CEO, he focuses on teamwork and providing the best support for his customers while delivering cutting-edge web hosting services.

If you haven’t already heard, there was a nasty vulnerability recently unveiled in TeamViewer. If you haven’t locked yours down already, you’re in trouble.

Employees are now more mobile than ever, and there’s an ever-increasing demand for enterprises to enable their staff to work from home. As a result, the use of remote desktop software is ever on the rise. There’s a good chance your own business has made use of it on at least a few occasions, too.

Here’s the thing, though – if you’re not careful about which tools you use, your data could be at risk. Take what recently occurred with TeamViewer. At the end of last month, the company suffered a data breach which compromised scores of user accounts. People started complaining – rightly so – about issues ranging from hijacked PCs to fraudulent purchases online.

Almost simultaneously, the application’s network was disrupted by a massive denial of service attack.

If you were in charge of operations over at TeamViewer, what would your response be? Damage control, right? You’d work out how many people were compromised, then set to work contacting them and apologizing for putting their information at risk.

Unfortunately, the company behind TeamViewer did the exact opposite. While they did introduce new security measures designed to protect user accounts, they also implied that compromised users were the ones responsible for losing their details in the first place. Just take a look at the statement they released earlier this month:

As you have probably heard, there have been unprecedented large scale data thefts on popular social media platforms and other web service providers. Unfortunately, credentials stolen in these external breaches have been used to access TeamViewer accounts, as well as other services. We are appalled by the behaviour of cyber criminals, and are disgusted by their actions towards TeamViewer users. They have taken advantage of common use of the same account information across multiple services to cause damage.

TeamViewer has since admitted responsibility for the hack (sort of). While they apologized for their choice of words in the original announcement, they still heavily implied that the breach was tied to weak passwords. This is in spite of the fact that many users reported attackers bypassing their two-factor authentication.

Either way, one thing should be clear. If your organization uses TeamViewer in any way, shape, or form, it’s probably time you look for an alternative – at least until this breach blows over. Between TeamViewer’s apparently cavalier attitude and the level of control a hacked account could potentially give an attacker, that’s a level of risk you don’t want to expose your organization to.

And those of you who have a common password between TeamViewer and one of your other accounts? Change them, even if you don’t think you’ve been breached.

Finally, I’ll close this piece with a bit of valuable advice for both consumers and business-level users: check out the site Have I Been Pwned? to see if you’ve potentially got any compromised accounts. The sooner you know you might be at risk, the sooner you can take measures to mitigate that risk.

*TeamViewer responded to this editorial; the response can be read here
