http://news.softpedia.com/news/teamview ... 4758.shtml
http://www.theregister.co.uk/2016/06/01 ... ch_report/
The /r/teamviewer community on Reddit is blowing up over this. You can find more information in the threads there.
TeamViewer say they haven't been hacked. They say users have been careless with using the same password on multiple websites and if they have been attacked through TeamViewer, it would have been through their password having been stolen from another website.
Right now we don't have all the facts, but as Linux users are also reporting having been hacked, I would at this time urge caution and to remove TeamViewer from all your computers and devices. Make sure to grab the TeamViewer logs before you do this! On Linux run the command
teamviewer --ziplog
to create a zip of the TeamViewer logs, as you can't access those after removing TeamViewer. As more details come out you may be able to use these logs to confirm whether you have been hacked or not. If you have a TeamViewer account you may also use the tips in https://www.reddit.com/r/teamviewer/com ... _accessed/ to confirm whether you have been hacked or not.
If you want/need to continue to use TeamViewer, read the security best practices thread and follow up on that advice: https://www.reddit.com/r/teamviewer/com ... practices/
Update: BigEasy provided a link to a thorough walkthrough for securing TeamViewer: How to Lock Down TeamViewer for More Secure Remote Access
Update 2: TeamViewer have two new features to improve security of your account: Trusted Devices and Data Integrity
In short, similar to how Steam does this, when you sign in to your account from a device you've not signed in with previously, TeamViewer will send you an email on your account email with a link to authorize that device to be used. This should be an immediate stop to hackers gaining access to TeamViewer accounts.
The second new feature is less well explained; TeamViewer will monitor your account for "unusual behavior" and force a password reset if such behavior is detected.
In the announcement they also "underscore that TeamViewer account authentication uses the Secure Remote Password protocol (SRP) and therefore does not store any password-equivalent data." Looking up SRP on Wikipedia (https://en.wikipedia.org/wiki/Secure_Re ... d_protocol) explains that on the server a "cryptographic verifier derived from the password" is stored.
It does look like TeamViewer were correct in that the hacked users were using weak passwords or reused passwords. With the above two new features to improve security and taking note of the tips in How to Lock Down TeamViewer for More Secure Remote Access I would be fine with using TeamViewer again.








