TeamViewer, the company known for its popular remote access software, was the victim of a DDoS attack on Wednesday, June 1. The remote connection service stopped working because of the attack.
Since then, several complaints have appeared on social networking sites such as Twitter and Reddit from people who claim that their devices running TeamViewer were compromised.
Specifically, some complaints state that unauthorized remote connections were observed, while others claim that their computer was breached despite two-factor authentication and that the attackers managed to steal money from PayPal and other services.
TeamViewer denies that its systems have been breached and says that the DNS issues caused by the DDoS attack are not related in any way to the users' claims.
However, the claims of users reporting breaches of their systems need further investigation, because an attacker who connects remotely through TeamViewer gains access to exactly what the user can see, i.e. as if using the system locally.
This includes opening programs, downloading files from the Internet, accessing web pages, stored passwords and other data that may not be protected locally.
What you can do if you use TeamViewer
The first thing you need to do is check the logs, which show who connected and when:
Windows: if you are running the full application select Extras - Open Log Files.
Windows: if you are running the Quick Support version, click on the tool symbol in the top right corner and select Open Logfiles.
Linux: run the teamviewer -ziplog command as root.
Log files for Windows are stored in the program directory, and are usually retained even if you remove the program from the device.
Check the logs and, if you notice any violation, immediately change all the passwords you use. Check your accounts and your account history, if any, paying special attention to accounts on money-related websites such as PayPal or Amazon.
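One way to script the log check described above, as an added example (not part of the original article and not TeamViewer's own code). It assumes the incoming-connection log is the tab-separated Connections_incoming.txt file with partner ID, partner name, start and end time (dd-mm-yyyy, UTC), local user and session type; the partner allowlist and the hour window are hypothetical parameters you set yourself.

```python
from datetime import datetime, time

TS_FORMAT = "%d-%m-%Y %H:%M:%S"  # assumed timestamp layout, times in UTC

# Constructed sample lines in the assumed layout (not real log data).
SAMPLE_LOG = (
    "111222333\tHOME-LAPTOP\t30-05-2016 18:02:11\t30-05-2016 18:40:03\talice\tRemoteControl\t{00000000-0000-0000-0000-000000000001}\n"
    "987654321\tWIN-UNKNOWN\t01-06-2016 03:14:27\t01-06-2016 03:51:02\talice\tFileTransfer\t{00000000-0000-0000-0000-000000000002}\n"
    "111222333\tHOME-LAPTOP\t02-06-2016 02:30:00\t02-06-2016 02:45:00\talice\tRemoteControl\t{00000000-0000-0000-0000-000000000003}\n"
    "truncated line\n"
)

def parse_sessions(text):
    """Return one dict per well-formed incoming-session line."""
    sessions = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) < 6 or not fields[0].isdigit():
            continue  # blank, truncated or non-session line
        try:
            start = datetime.strptime(fields[2], TS_FORMAT)
            end = datetime.strptime(fields[3], TS_FORMAT)
        except ValueError:
            continue  # timestamp not in the assumed format
        sessions.append({"partner_id": fields[0], "partner_name": fields[1],
                         "start": start, "end": end,
                         "local_user": fields[4], "type": fields[5]})
    return sessions

def review(sessions, known_partners, day_start=time(7, 0), day_end=time(23, 0)):
    """Flag sessions from unknown partner IDs or started outside usual hours (UTC)."""
    findings = []
    for s in sessions:
        reasons = []
        if s["partner_id"] not in known_partners:
            reasons.append("unknown partner ID")
        if not (day_start <= s["start"].time() <= day_end):
            reasons.append("started outside usual hours")
        if reasons:
            findings.append((s["partner_id"], s["start"].isoformat(sep=" "),
                             s["type"], reasons))
    return findings

if __name__ == "__main__":
    for finding in review(parse_sessions(SAMPLE_LOG), known_partners={"111222333"}):
        print(finding)
```

To run it against a real log, read the file's text and pass it to parse_sessions in place of SAMPLE_LOG, with the partner IDs of your own devices in known_partners.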
If TeamViewer runs on your devices, at the very least make sure your device is not left unattended for the time being.