Cybersecurity Alert - TeamViewer Users Report Personal Account Breaches

June 3, 2016

Threat Summary

Users of TeamViewer, a remote control tool for desktop computers and mobile devices, have reported that their computers were hijacked via TeamViewer and used to steal money from bank accounts and PayPal, among other malicious activities. Many of the affected users claim to have had strong passwords and two-factor authentication enabled on their TeamViewer accounts. TeamViewer denies that its system was breached, although it did admit that its DNS systems were offline for several hours on June 1, 2016, due to a denial-of-service (DoS) attack. More information

ACA Aponix Guidance

ACA Aponix strongly recommends against using third-party remote access systems such as TeamViewer that are always on and unattended. If using such a system:

  • Consider migrating to a more secure alternative for remote access;
  • Disable unattended access to the machine if possible;
  • Review access logs immediately for unauthorized access, and on a periodic basis thereafter;
  • Enable two-factor authentication for remote access;
  • Enforce password policies that require strong passwords and frequent rotation; and
  • Never leave personal banking websites or other sensitive data or websites open and logged in.

If you may have been impacted by the TeamViewer attack, please contact us for further guidance on mitigating the risks around on-going access or a further breach: