TeamViewer, known for its popular remote access software, was the victim of a DDoS attack on Wednesday, June 1. The remote connection service stopped working due to the attack.
Since then, several complaints have appeared on social networking sites such as Twitter and Reddit from people who claim that their devices running TeamViewer were compromised.
In particular, the complaints describe unauthorized remote connections. Some users claim that their computer was compromised despite two-factor authentication, and that the attackers managed to steal money from PayPal and other services.
TeamViewer denies that its systems were breached and says that the DNS issues caused by the DDoS attack are not related in any way to the user claims.
However, the reports from users of compromised systems need further investigation, because an attacker who connects remotely through TeamViewer gains access to everything the user can see, as if they were using the system locally.
This includes opening programs, downloading files from the Internet, and accessing web pages, stored passwords and other data that may not be protected locally.
What you can do if you use TeamViewer
The first thing you need to do is check the logs, which show who connected and when:
Windows: if you are running the full application, select Extras - Open Log Files.
Windows: if you are running the Quick Support version, click on the tool symbol in the top right corner and select Open Logfiles.
Linux: run the teamviewer --ziplog command as root.
Windows log files are stored in the program directory, and are usually retained even if you remove the program from the device.
Check the logs, and if you notice any unauthorized connection, immediately change all the passwords you use. Check your accounts and your account history, if any, paying special attention to accounts on money-related websites such as PayPal or Amazon.
If TeamViewer runs on your devices, at the very least make sure that your device is not left unattended for the time being.
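The log check described above can be partly automated. The following is an added example, not part of the original article or of TeamViewer's own tooling: it assumes a tab-separated incoming-connections log (partner ID, partner name, start, end, local user, connection type, session ID) with `dd-mm-yyyy hh:mm:ss` timestamps, and the sample lines, the known-ID list and the quiet-hours window are constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample in the assumed tab-separated layout (not real log data):
# partner ID, partner name, start, end, local user, connection type, session ID
SAMPLE_LOG = (
    "111222333\tHOME-LAPTOP\t30-05-2016 18:02:11\t30-05-2016 18:40:03\talice\tRemoteControl\t{AAAA-0001}\n"
    "999888777\tUNKNOWN-PC\t01-06-2016 03:14:52\t01-06-2016 03:31:09\talice\tRemoteControl\t{AAAA-0002}\n"
    "111222333\tHOME-LAPTOP\t02-06-2016 09:15:00\t02-06-2016 09:20:30\talice\tFileTransfer\t{AAAA-0003}\n"
)

TIME_FORMAT = "%d-%m-%Y %H:%M:%S"  # assumed timestamp format


def parse_sessions(text):
    """Parse log text into dicts; skip lines that do not match the layout."""
    sessions = []
    for row in csv.reader(io.StringIO(text), delimiter="\t"):
        if len(row) < 6:
            continue
        try:
            start = datetime.strptime(row[2].strip(), TIME_FORMAT)
            end = datetime.strptime(row[3].strip(), TIME_FORMAT)
        except ValueError:
            continue  # header, truncated or otherwise malformed line
        sessions.append({"partner_id": row[0].strip(), "partner_name": row[1].strip(),
                         "start": start, "end": end,
                         "local_user": row[4].strip(), "type": row[5].strip()})
    return sessions


def suspicious_sessions(sessions, known_partner_ids, quiet_hours=(0, 6)):
    """Return (session, reasons) for unknown partners or sessions started in quiet hours."""
    findings = []
    for s in sessions:
        reasons = []
        if s["partner_id"] not in known_partner_ids:
            reasons.append("unknown partner ID")
        if quiet_hours[0] <= s["start"].hour < quiet_hours[1]:
            reasons.append("started during quiet hours")
        if reasons:
            findings.append((s, reasons))
    return findings


if __name__ == "__main__":
    for s, reasons in suspicious_sessions(parse_sessions(SAMPLE_LOG), {"111222333"}):
        print(s["start"], s["partner_id"], s["partner_name"], "; ".join(reasons))
```

Any session it reports is a starting point for the password changes and account-history review described above, not proof of compromise on its own.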