After LogMeIn (in)famously killed off its free remote access offering a bit over two years ago, TeamViewer has proven to be the most popular alternative. To this day, TeamViewer continues to offer its solution for free to personal users, alongside a number of subscription-based licenses to suit businesses.
Unfortunately, it seems that TeamViewer accounts have been accessed after credential theft from a variety of websites, including social media platforms. In fact, IBM Security's Nick Bradley witnessed this situation for himself when, in the middle of some hack and slash gaming, the TeamViewer window popped up on his screen.
In its recent press release, the company acknowledged this problem, and said:
We are appalled by the behaviour of cyber criminals, and are disgusted by their actions towards TeamViewer users. They have taken advantage of common use of the same account information across multiple services to cause damage.
While TeamViewer can't do much to prevent its users from reusing credentials from other websites and services, it is introducing two new features to help bolster account security.
Firstly, the new 'trusted devices' feature will require verification of any new device attempting to login to a TeamViewer account for the first time. The verification will be in the form of an e-mail sent to the registered email account which will contain a link to approve the device.
The second measure, called 'data integrity', automatically monitors accounts for unusual activity, which may include logins from new locations. In such an event, the affected account will be flagged for an enforced password reset with instructions supplied via email.
TeamViewer also took the opportunity to recommend that users activate two-factor authentication on their accounts. Similar to the approach of other services, it involves scanning a QR code and a mobile authenticator app. Once verified, all existing TeamViewer sessions will be expired and you'll need to login again on all of your devices.
Needless to say, if you use the same credentials across a number of services, then you may want to review the current state of your account security. Tools, such as 'Hacked?' for Windows 10, can help identify e-mail addresses associated with known data breaches as a basis for your security improvement efforts online.