Saturday, June 4, 2016

TeamViewer Denies Hack, Blames Password Reuse for Compromises | DailyDDoSe June 4 2016

TeamViewer Denies Hack, Blames Password Reuse for Compromises | Threatpost | The first stop for security news
The saga continues as I race against the clock knowing full well that my website and iCloud are under attack by 1336 h4x0rs I believe to be working in random with law enforcement to destroy evidence of obscene corruption and abuse of power I have witnessed from this experience. 

I was advised by the police Lieutenant that had no legal obligation to tell my clients or the 400,000 Medicaid Recipients in my database that there was a security breach. 

The police became obsessed with my website and Twitter account and searched my phone on two occasions without a warrant and DELETED the film footage to cover their own asses. 

The police lieutenant refused to take a report for stolen iPhone, mail theft and fraud despite until the Chief of Police and Mayor came across my website and crime scene video on YouTube. 

This made my life infinitely worse and I was constantly harassed by the Crime Suppression Unit and became a person of interest and was reported for "Suspicious Behavior" for filming the police. 

DUH! 

I was watching the watchers long before they started watching me. Now everybody knows about Trapwire and Surveillance but I'm still on the watch list for reporting it long before the public knew. 

I have decided to risk being targeted again by paranoid police or anonymous hacker types since I have nothing left to hide since I became the poster child for Social Engineering at DefCon.  

My websites have been systematically hacked and compromised and I am ready to tell my side of the story. 

My name is Elyssa and I'm a Phone Phreak. I hope you're ready to see through my eyes for a bit so you can understand why I feel compelled to release the files I have collected over the last 22 years. Good luck keeping up. It's a doozy. 

Even if everything I'm about to disclose was a work of fiction, at least give me credit for being so damn creative.  I couldn't make this shit up if I tried. 



Just me, e

No longer @ELyssaD
DailyDDoSe June 4, 2016



TEAMVIEWER DENIES HACK, BLAMES PASSWORD REUSE FOR COMPROMISES

Remote support software company TeamViewer continues to contest claims this week it was hacked and instead claims that password reuse and careless user actions may have led to some of its customers' machines being compromised.

The German company has been vigilant with its stance since posting a statement on the issue last Monday, but that hasn't stopped customers from venting online since.

Users flooded both Twitter and Reddit with further accusations this week, complaints that were only compounded by a denial-of-service attack that brought the company's DNS servers offline for a period on Wednesday. TeamViewer assured users via email that it was back up and running early Wednesday afternoon, and used the opportunity to insist the downtime was not the result of a security breach.

We are back up and running again. However it may take some time until all regions are back to regular service.

— TeamViewer Support (@TeamViewer_help)

On Reddit, one customer Wednesday claimed an attacker attempted to access his Yahoo, PayPal, and Amazon accounts through TeamViewer. Another claimed an attacker managed to hack him through his smart television. TeamViewer extended remote support to smart TVs earlier this spring. Another user claimed he had his PayPal account drained and that an individual went on a "spending spree buying giftcards, XBox Live memberships, skinny jeans, and a $450 jacket," making roughly $3000 in purchases.

The company stressed that using the same password for TeamViewer across multiple platforms and caching account credentials in browsers could have led to account compromise and many of the reported hacks.

Astute TeamViewer users on Reddit are encouraging users to check their browser history, PayPal transactions, and TeamViewer logs for suspicious activity. Other users are encouraging customers who think they may have been hacked to do a search for "webbrowserpassview.exe" in their logs. If it shows up, users might be well served to change their passwords, because the software, a password recovery tool, can export saved browser credentials. Assuming an attacker has access to a system, it's possible they could glean additional account credentials by copying the program and any stored credentials.

Troy Hunt, who runs the data breach repository HaveIBeenPwned.com, pointed out Wednesday that given all of the recent breaches (LinkedIn, MySpace, Tumblr) TeamViewer's explanation for their users' troubles is "entirely possible."

In its statement TeamViewer urged customers to use a different password for their account and change it regularly, and also to use two-factor authentication, a feature it launched in 2013. The bulk of users who claimed they were hacked on Reddit acknowledged they didn't have the security mechanism enabled at the time of the attack.

The company is encouraging customers who feel like they've been hacked to contact their local police departments.

"This is particularly important because TeamViewer is subject to very strict data protection and privacy regulations, and can release sensitive data only to authorized individuals and authorities," the statement reads.

A rash of years-old website breaches that spilled the credentials of nearly 590 million combined users have come to light over the last several weeks. One of the affected sites, MySpace, was initially hacked in 2008 but it wasn't until this week that information leaked on 360 million of its users, including their email addresses and the unsalted SHA-1 hashes of the first 10 characters of their passwords, was sold publicly online. Two weeks ago information on 164 million LinkedIn users, including email addresses and passwords stored as SHA-1 hashes without salt, was exposed.

Cracking a password without a salt is far easier, and could potentially be at the root of the TeamViewer issue, especially for any users who may use the same password across multiple services.
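Why the missing salt matters for whoever stores the passwords, as an added example that is not part of the original article: it compares the two unsalted SHA-1 schemes described above with a per-user salted scrypt record. The account names, passwords and scrypt cost parameters are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not from any breach): two users share a
# password, a third uses a longer one with the same first 10 characters.
SAMPLE = {
    "alice": "Summer2016!",
    "bob": "Summer2016!",
    "carol": "Summer2016!!extra",
}

# scrypt cost parameters are an assumption chosen for this example.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def truncated_sha1(password):
    """Unsalted SHA-1 of the first 10 characters, as the article describes."""
    return hashlib.sha1(password[:10].encode("utf-8")).hexdigest()


def unsalted_sha1(password):
    """Unsalted SHA-1 of the whole password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_record(password):
    """Hardened form: fresh random salt per user plus a slow, memory-hard KDF."""
    salt = os.urandom(16)
    return salt, hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = record
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, digest)


def shared_groups(scheme):
    """Users whose stored values are identical, so one guess covers them all."""
    groups = {}
    for user, password in SAMPLE.items():
        groups.setdefault(scheme(password), []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)
```

Calling `shared_groups` with each scheme shows the difference: the truncated scheme makes all three accounts indistinguishable, the full unsalted hash still links the two identical passwords, and the salted records share nothing.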

"Distrust and caution are the parents of security" - Benjamin Franklin



^ed 
