Overclock.net banner

1 - 20 of 54 Posts

·
Storage Nut
Joined
·
21,109 Posts
Discussion Starter #1
Hi all,

I was up late tonight and noticed that suddenly TeamViewer popped up on the screen while watching a movie on my second monitor. Then I see an incoming connection. I'm like what the heck? Then the person successfully logged on. The user name that appeared was even more shocking, it was my own! Since I was there monitoring what the person was doing, I didn't move the mouse to immediately close the connection, instead I let them continue on their way and they didn't notice. First they went to paypal.com to check if I had an account. Next they went to paypay-gifts.com and proceeded to try to send a $100 iTunes giftcard. Now, I didn't know how quickly they could send the gift after selecting it, so I unplugged my network cable at that moment and closed the connection. I then reconnected back and changed my password, but as I was doing so, they connected again, so I just closed out the connection asap. I finally changed the password and they were immediately kicked off my account.

After this I feel violated! My mom mentioned that she had seen my computer turn on by itself and stuff moving on my screen when I have been away at times and this experience makes me think it could have happened before. I checked my TeamViewer connections log, but it seems, luckily, that tonight was the only night the person got onto my system. Now, however, I am going to have to log into my saved users computers and check their logs for this connection to see if they were violated and potentially at risk as well.

I am wondering if there is any way I could trace the person? I doubt. Or will it do any good to report it to TeamViewer?

But, man, this feels so strange to think how easily someone could have had all my info and I think back to all the times I have left the computer on while I have been away.

I just changed my passwords and white listed only my laptop and iPhone to log on to my home PC. I should be good now for security I think...

This is the last connection from the "hacker" in my connections log, the rest were definitely me.

Code:
869248884    MYUSERNAMEHERE    21-05-2016 07:59:44    21-05-2016 08:05:52    Sean    RemoteControl    {6CF499FB-7267-41EA-9D0E-85C4BC2439DA}
Code:
869248884    MYUSERNAMEHERE    21-05-2016 08:06:46    21-05-2016 08:06:53    Sean    RemoteControl    {8E5E789A-1015-4F83-8FB9-F2D91A6D24E1}
EDIT: Actually, after looking through my logs it seems like the person is from China or routed through a Chinese server, I found the IP address to be 60.179.61.186 as well as another IP of 123.152.22.171

EDIT: What the heck? http://www.overclock.net/t/1600746/i-was-hacked-through-teamviewer-now-what/0_100#post_25228377
 

·
Registered
Joined
·
2,562 Posts
oh boy... this isn't a nice fealing indeed!

I would report that if it happened to me! And my god... the times I left my PC on for no reason when I was away... and also having teamviewer...

Where/how can you see that log? And I'm the one who uses it to all the other PC's from family, friends, colleague's... so how to know/check their logs?

I've been hacked ones (well my hotmail account) and I know how ugly it feels...

Right know I'm even scared to open temviewer to even search for where the logs could be
tongue.gif
 
  • Rep+
Reactions: Sean Webster

·
Storage Nut
Joined
·
21,109 Posts
Discussion Starter #3
Quote:
Originally Posted by ASUSfreak View Post

oh boy... this isn't a nice fealing indeed!

I would report that if it happened to me! And my god... the times I left my PC on for no reason when I was away... and also having teamviewer...

Where/how can you see that log? And I'm the one who uses it to all the other PC's from family, friends, colleague's... so how to know/check their logs?

I've been hacked ones (well my hotmail account) and I know how ugly it feels...

Right know I'm even scared to open temviewer to even search for where the logs could be
tongue.gif
I just reported it to them! I'll update ya on anything I hear back. I also see that it seems to be happening to others as well: http://teamviewerforums.com/index.php?PHPSESSID=rp336t7cdifeou1f9c7dprsu96&board=1.0

Logs are located here: C:\Program Files (x86)\TeamViewer - Alternatively you can click the "Open log files..." option under extras on teamviewer.

I just looked through the ones called "TeamViewer11_Logfile" and "Connections_incoming" far.

I'm changing all my passwords now, luckily I use LastPass, so it wont be too hard, just time consuming for all my different website accounts...over 200 of them XD
 

·
Registered
Joined
·
2,562 Posts
thumb.gif


redface.gif
 

·
WCG Enthusiast
Joined
·
1,896 Posts
How do you think they obtained your password? Do you think it was your PC that was compromised or on Teamviewer's side?
 

·
Storage Nut
Joined
·
21,109 Posts
Discussion Starter #6
It seems I can white list computer IDs and only they will be able to connect. I'm gonna set that up now and play with it! More security is always good!

Quote:

Originally Posted by ASUSfreak View Post

thumb.gif


redface.gif
:p


Quote:
Originally Posted by theonedub View Post

How do you think they obtained your password? Do you think it was your PC that was compromised or on Teamviewer's side?
I do not have any clue on how it would have been compromised on my side. I have not input my password to log in to my teamviewer account in the application or on their website in months, except for on my phone (iOS application). My laptop is the only other computer I have used to access teamviewer and login, but that has been in my closet sitting for about two months now. The only thing I can think of is that it is compromised on their side. If anyone has any better ideas i'd be happy to hear!
 

·
WCG Enthusiast
Joined
·
1,896 Posts
Quote:
Originally Posted by Sean Webster View Post

tongue.gif


I do not have any clue on how it would have been compromised on my side. I have not input my password to log in to my teamviewer account in the application or on their website in months, except for on my phone. My laptop is the only other computer I have used to access teamviewer and login, but that has been in my closet sitting for about two months now. The only thing I can think of is that it is compromised on their side. If anyone has any better ideas i'd be happy to hear!
Suppose it can't hurt to make sure the phone is 100% beyond reproach as well. It is odd that there is a higher occurrence of compromised accounts lately though. I'm definitely going to pass along the news to those I know using the software- time for an uninstall.
 
  • Rep+
Reactions: Sean Webster

·
Storage Nut
Joined
·
21,109 Posts
Discussion Starter #9
Quote:
Originally Posted by stalkerzzzz View Post

You might want to enable two-factor authentication for your teamviewer account.
Looking into that now, thanks!

Quote:
Originally Posted by theonedub View Post

Suppose it can't hurt to make sure the phone is 100% beyond reproach as well. It is odd that there is a higher occurrence of compromised accounts lately though. I'm definitely going to pass along the news to those I know using the software- time for an uninstall.
Yeah, I just don't see my phone's app being the enabling device for this, but you never know! And good, maybe it will save someone some headaches!
 

·
Registered
Joined
·
98 Posts
I often use teamviewer at work but I never leave it installed.

I uninstall it once I no longer need it.

Frightening that this happened and very lucky you spotted it.
 

·
Politically incorrect
Joined
·
9,287 Posts
Thanks for the warning, uninstalling Teamviewer for a while. This is quite bad on their part and hope it's resolved soon.
 

·
Registered
Joined
·
4,262 Posts
I use it at work all the time, guess I'll take it off my personal computer...
frown.gif
)
 

·
Registered
Joined
·
1,046 Posts
If you can run software like windows firewall control and set the program to block unauthorized connection and also stop programs from changing the ability to communicate with the internet. It will stop programs like team viewer from connecting to the net even if you grant it permission. You would have to completely disable Wfc in order to use team viewer this is what I do so that I can use it and others cant use it against me lol. I suspect that this person was after your top secrete storage data
biggrin.gif
 

·
Registered
Joined
·
2,562 Posts
Quote:
If you can run software like windows firewall control and set the program to block unauthorized connection and also stop programs from changing the ability to communicate with the internet. It will stop programs like team viewer from connecting to the net even if you grant it permission. You would have to completely disable Wfc in order to use team viewer this is what I do so that I can use it and others cant use it against me lol. I suspect that this person was after your top secrete storage data biggrin.gif
Can you say what I have to do in Norton Firewall?

Mine is the Dutch version so I'll try to explain what I did now (I use my translation of it
tongue.gif
)

Where do I set that EXTERNAL stuff cannot acces AND control/change stuff.

Where to block external stuff (or at least notify me when someone/thing tries to connect) and let me choose to accept it.

Disable wfc? What's that?

How do you use it when not used against you
tongue.gif
(are these more/other settings)

And when I know it with teamviewer I might set it up for other stuff as well
tongue.gif
--> I see trial and error comming for me and I see even further in futere.... resulting in format C again cause I messed it up again
smile.gif
 

·
Registered
Joined
·
229 Posts
I just saw this thread in the recent posts, man what happened to you is frightening but lucky you were able to catch it.
I've always only allowed connections through my account + a really long & complicated account password but I never knew teamviewer had 2 factor authentication, maybe though they didn't seem to make a big deal about it. It's enabled now.

Wish more sites took 2/multi-factor authentication more seriously + maybe make it mandatory.
 

·
Just Lift Bro
Joined
·
3,234 Posts
Every account i have now

is x2 authentication

so unless they steal my phone i'm at least safer than before

but i would not recommend using any software to save your passwords i usually write them down on paper its a bit safer imo.

did you find an I.P address that accessed your pc?

maybe check your router logs.
 

·
Storage Nut
Joined
·
21,109 Posts
Discussion Starter #17
Well, after going through all my email and website accounts and passwords, it seems it may have most likely been another one of my sites I am a member on that had been hacked and it just so happened that the hacker got lucky and decided to try my matching info on teamviewer. I feel dumb now lol.

I've gotten in touch with everyone on my teamviewer account and luckily no one else has been violated except for my home systems.

I've done all the security cleaning up I can do. I have generated separate passwords to all my accounts via lastpass now.
 

·
Registered
Joined
·
2,562 Posts
Quote:
Originally Posted by Sean Webster View Post

Well, after going through all my email and website accounts and passwords, it seems it may have most likely been another one of my sites I am a member on that had been hacked and it just so happened that the hacker got lucky and decided to try my matching info on teamviewer. I feel dumb now lol.

I've gotten in touch with everyone on my teamviewer account and luckily no one else has been violated except for my home systems.

I've done all the security cleaning up I can do. I have generated separate passwords to all my accounts via lastpass now.
Well it's not being dumb, but thinking logical! If I see my Teamviewer screen moving my own mouse and filling in pasword stuff, it's logical you think Teamviewer is hacked! I wouldn't think 1 of my other sites is beeing hacked and thus they use that pasword on other sites etc
wink.gif


Bottom line is: you kjust wanted too share your ideas with others so they could prevent the same problems! (if they were valid
tongue.gif
wink.gif
)

Anyway glad you found your "flaw" and are "patching" it now
wink.gif
 
  • Rep+
Reactions: Sean Webster

·
I might have tacos tonite
Joined
·
22,339 Posts
Quote:
Originally Posted by ASUSfreak View Post

Well it's not being dumb, but thinking logical! If I see my Teamviewer screen moving my own mouse and filling in pasword stuff, it's logical you think Teamviewer is hacked! I wouldn't think 1 of my other sites is beeing hacked and thus they use that pasword on other sites etc
wink.gif


Bottom line is: you kjust wanted too share your ideas with others so they could prevent the same problems! (if they were valid
tongue.gif
wink.gif
)

Anyway glad you found your "flaw" and are "patching" it now
wink.gif
This is actually the most common way people get "hacked". Sign up on a bunch of websites with same email/password... then one of those websites gets compromised, and everything stolen. Typically that person then just sells the email/passwords in bulk to other people (who may not have any real "hacking" skills), who then go through the list trying the combinations on common sites like paypal and amazon.com. Since they target websites that are easier to hack, the owner might not even realize it happened, and you'll not have a clue that someone has your email,username, password combo.

My guess is that some of the people buying the usernames have started adding teamviewer to the list of places to try the login, due to the bonus of what they can accomplish with full access to your computer. Then it makes Teamviewer look bad, even though their security is fine.
 

·
New001
Joined
·
2,668 Posts
Quote:
Originally Posted by theonedub View Post

Suppose it can't hurt to make sure the phone is 100% beyond reproach as well. It is odd that there is a higher occurrence of compromised accounts lately though. I'm definitely going to pass along the news to those I know using the software- time for an uninstall.
You don't have to go to extremes and get everyone to uninstall over this, just make use all of TeamViewer's security features.
You can install the program and start using it immediately as is (fairly open to the world with only a randomly generated id and pin to protect you), or you can take 5 minutes to go through the options and lock everything down so there are no worries.
I've been using team viewer every day for a year now and never had any troubles.
 
1 - 20 of 54 Posts
Top