TeamViewer Investigation Points To Reused Login Credentials From Hacked Websites

Some people may remember the TeamViewer hack, which affected several thousand users. Some people even complained about money being stolen from their PayPal account in the process. As it turns out, most of the affected users are to blame for this debacle, as they reused passwords.

TeamViewer Still Denies Allegations

Reusing a password in this day and age is asking for trouble, unfortunately. The TeamViewer hack got a lot of attention, even though the company continues to deny allegations of their services being hacked. Instead, they blame users for reusing passwords obtained through other hacked platforms, such as LinkedIn or MySpace.

While it is difficult to prove who is to blame for this breach, the explanation by TeamViewer sounds plausible. Moreover, the company implemented some new security features to ensure these attacks would not happen again in the future. Even if users reuse an old password, the software will send an email to the user, and ask for permission to approve or deny these requests.

Although there is an argument to be made as to how this solution comes after the facts, it is still positive to see TeamViewer acknowledge the problems. Checking the GPS coordinates of login attempts is another added security feature. This one is particularly interesting, as it should give users a clear idea as to where their account is being accessed from.

It is worth noting TeamViewer decided to investigate this breach a bit further, as they came across the list of leaked passwords from other platforms. After cross-referencing some data, it turns out several users did indeed reuse their passwords. Since the assailants also had access to user email addresses – which were also reused – it did not take much effort to cause a massive wave of hacking attacks.

One topic that still needs clarification is whether or not users with 2FA enabled were hacked as well. TeamViewer advised all affected users to upload their log files so the company can continue their investigation. Mainly users who claim to have had 2FA enabled should send over their records. The company does not exclude the possibility something went wrong with this level of security, but they want to form a full timeline of the events first.

Image credit 1

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.