|Date (of first incident)||TV Version||TV Account?||2 Factor Auth?|
Around 800$ gone from PayPal. Contacted PayPal (Sweden) they had heard about the breach in TV security.. Started an investigation and then closed the investigation 14 minutes later, said it was not an unauthorized use.. Case closed...
Of the 6 transactions they got through I've had 2 of them refunded by PayPal, but the 4 others I have not. They made all the transactions in a 7 minute timeframe and PayPal and their "routines" don't find the 4 other unauthorized, which is kinda like them saying I sat at my computer ordering stuff for a ridiculous amount at the same time the breach made theirs... I'll post more when I hear from bank and police.
Unattended access was enabled. Caught them in the act, but they were already 3 hours buying stuff. They bought gamecredits for runescape and other games with my Paypal (around 1000) Paypal also closed my unauthorised use case. Called support and they reopened the case on monday, still waiting on paypal to come with a solution.
On amazon they added another creditcard that was not mine and bought over 1300 of giftvouchers, but amazon resolved this case rather quickly.
They purchased some stuff with my amazon account. They first tried to log into my paypal but apparently couldn't. They also were in my gmail account and deleted some emails, which google was unable to recover.
The malware they uploaded is https://www.virustotal.com/en/file/fccf76d84c6f58212cfaf87b20b24630e6a012b7ce41eede3b7f2a81f1441be5/analysis/1464869655/
the first is the new one, apparently. The second is the runouce virus.
Interestingly, if you do binwalk on the first one, you can find a jpeg of a witch tarot card. There's also an encrypted 7zip archive at the end of the binary.
The login came from a colocation host in Atlanta, GA. I'm assuming one of their boxes got hacked.
As I've seen noted by others in this thread, they seemed to have a very specific set of goals in mind. They first tried to access PayPal, but were unable to log in. They tried eBay next, still unable to log in. Next, they tried to log in to Amazon, where they were successful. They purchased 8 $100 Amazon gift cards going to a random Yahoo email address, before attempting one more time to log in to PayPal and eBay.
Luckily, Amazon is awesome. Their support cancelled all the orders they could (one had already been processed), then they refunded me for the one gift card that had been processed already.
11 (I believe) on Windows
Brother's PC breached on 31 May at approx. 10 AM EST. Yahoo! email, PayPal, eBay, Amazon, and Walmart.com were accessed. PayPal and Yahoo! credentials were saved in Chrome. They created an eBay account and attempted to buy a Philips Norelco shaver. They attempted to reset his Amazon password, but he does not have an Amazon account. They accessed his PayPal account, and then went to Walmart.com and made three transactions. One transaction for a $200 eGift card, another $200 eGift card, and an $1100+ ASUS ROG laptop.
One $200 trans. hit his debit card as a temporary authorisation, the rest did not go through. The temporary authorisation for $200 eGift card dropped off hours later as Walmart cancelled the order on their end.
They used gibberish in the shipping name (I believe this flagged it and was the saving grace in cancellation), entered a Beaverton, OR shipping address and a RI phone number. They used a hotmail.com email address.
I have logs of all of this info, and will share their fake addresses/phone numbers if requested.
As far as password sniffers go, I did not check and cannot check, as I have used Samsung's tool to securely wipe his SSD and install Zorin (Ubuntu). I've changed all of his passwords and enabled the use of LastPass, which requires a 45-character passphrase when saving/accessing/utilising passwords each time.
I only noticed the sponsored session pop-up after I did not use the computer for a while, logs show no file transfers (for browser password sniffing), Chrome history shows nothing for the time range. I sent a mail to their support address before I knew it was a global hack that I want some details on that session (with the session ID I provided them from the logs), today I received a canned response that I should file a police report.
Lucky enough to not have anything compromised or stolen. I was on the computer late when they connected and was able to react before any real harm could be done.
They connected to my mother's computer first, and because I was stupid enough to leave her with an admin account they were able to run things like chrome pass, a suspicious application that simply said "have a good day ;)" (it froze, which is why I know this), and some other questionable executables.
Thankfully she does not store any passwords in browser, and I was able to act on it minutes after it happened, but I still went through and changed all of her passwords as well as fresh installing Windows.
Additionally, similar to some other reports I've heard, I also received a random friend request on TV shortly before my account was compromised.
Two $400 gift cards were purchased from Amazon. PayPal access was attempted for purchasing gift cards from eBay, but was not successful. My bank and Amazon were notified. Cannot dispute one $400 charge due to it being listed as pending. The person also accessed Baidu to see where my ip address originated.
Normally shut PC down when I'm not using it, but ran downstairs for lunch for a half hour or so. I got a notification from Paypal that I spent $200 and $100. I went upstairs and saw someone connected via teamviewer buying iTunes gift cards on eBay. I closed out the connection.. when I reviewed logs the IP originated from Orange, CA but I doubt that is his real IP.
I was able to try cancelling one of the orders 10 minutes after it happened but got an email back an hour later saying it was already too late and the code was already sent out. This happened on Memorial Day so I spent an hour on hold with eBay support.. they basically said they cannot do anything for me since the IP address that purchased it was my IP address so there was no proof it was fraudulent.
I called Paypal and spoke to Michelle and I explained everything, teamviewer and all. She said she had already spoken to 5 people about this and said that it's a good thing I mentioned teamviewer because if I hadn't she probably wouldn't have been able to do anything for me. She opened a ticket and a few hours later I got an email saying that both transactions will be refunded once PayPal receives the funds.
I changed every password and enabled 2FA on everything that supports it. My wife hates me because I even changed the Netflix and Hulu passwords. I uninstalled Teamviewer.. even if they are not taking responsibility, they should still send an email out to their user base and tell them a lot of people are being compromised and to review their settings. I was pretty pissed when I came to this subreddit and saw posts that were a week old about this, but I was relieved I wasn't the only one that got hacked.
They got into my computer, went and sent off money totaling $1500 to 5 different email addresses with PayPal, they tried to purchase $300 in gift cards on gyft.com, that transaction failed luckily, tried purchasing off Target but those transactions fell off PayPal and were cancelled, they tried to get into my eBay but struck out, they possibly purchased stuff off Walmart online but unsure, they tried to access Amazon but no luck, they also went into my email and started forwarding email to a specific email address and had it deleting any emails that were coming in to my inbox. I sent my logfile to TV but haven't had any response. Since I'm not a paying customer I can't talk to them on the phone, can only submit a ticket and hopefully they respond.
IP was from China, Logs files showed the intrusion, got Amazon Gift Cards and eBay Gift Card, accessed my Gmail. Did not delete Browser history so I could see where they went. I have screenshots. With GMail, I had to ask Gmail to recover my TRASH emails, which took a day to recover, so I could see all the confirmation emails that went through my email. Did not appear to transfer any files or install anything. I run ESET, MalwareBytes Pro and LastPass. 2FA won't help if they do not log into the website as the TV ID and "Random" password can get you into PC without any 2FA.
Don't know if this is related or not; it's earlier than most of the hacks listed here, and it's possible I was compromised another way; my account was logged into my wife's computer, and we later found a trojan there after installing Malwarebytes (before we were using AVG only and it missed it).
We didn't even know it was TeamViewer at first, but someone bought $200 of iTunes gift cards on my eBay and $300 of Amazon gift cards on her Amazon. We thought it was weird that two separate accounts had been compromised, but there wasn't much to do about it. We got refunds both from Amazon and from Paypal.
We only discovered it was TeamViewer that was the problem when the hackers tried again (maybe a week later? Forget the exact date) and we were actually using the computer. We immediately shut everything down, changed the password on my TeamViewer account, and enabled 2FA. Haven't had any problems since.
They tried to steal from Paypal and Amazon. No money was taken thankfully.
5/25/2016 $757.99 via PayPal, 4 target purchases, 2 eBay purchases, 1 itunesgiftdelivery.com purchase
5/28/2016 $340 Microsoft.com, 4 $60 Xbox Live 12 month gold codes, 1 Xbox $100 gift card code
TeamViewer uninstalled on 10 computers connected to my account. Currently looking for alternative, may just go with RDC.
All they got to was my amazon and purchased a $100 gift card, I quickly contacted them and they disabled use of those funds and refunded the money.
They had transferred the webbrowserpassview.exe to the desktop. I had a ton of passwords saved in chrome unfortunately so I spent hours going through all my accounts and changing all passwords after removal of the program and running multiple virus scans. They did attempt to log into my bank days (with the old credentials) later which I was notified of.
Came home and found my browser open, I did not leave it open. Also found a program called BrowserWebPassView or something open, showing a lot of logins and passwords (I actually tell Chrome not to store my passwords, so this is infuriating). However, I was already logged in to my email, Amazon, Facebook, etc. I noticed in my web history that it showed me browsing Amazon at 4am, which was suspicious. I found that the hacker had tried to purchase $1100 worth of Amazon gift cards, but could not complete the purchase because Amazon asked him to re-enter my Credit Card number. A few minutes after I sat down, I started to suspect Teamviewer, and I checked my Teamviewer connection log. It said the hacker was trying to access my mic and webcam (don't have one), while I was sitting at the computer. I immediately shut off Teamviewer. Spent the night changing all my passwords.
My Teamviewer log shows several failed attempts a day to login to my computer, over like 2 months. I think it shows that they managed to get in once before. What confuses me is, every time I close the connection, a Teamviewer advertisement pops up on my PC, and I just close it when I get home. I never once saw that ad pop up on my computer, so how did they close the TV connection without the window alerting me?
The log shows the UserID of who ever connected to me, so I thought Teamviewer should easily be able to track that. I sent them an email, and they basically told me to go file a Police Report, and have the Police mail it to Germany. They gave me a lot of legal documents about international cyber crime law and stuff. I felt like Teamviewer should have been easily capable of taking action, but they instead wanted me to bury myself in bureaucracy.
Edit: I received an email from Teamviewer 2 days before, saying a stranger was trying to add me to their contacts list. I did not click the link to accept the request.
Got an invitation request one day before
Someone accessed my PC and used Google Payments to buy a variety of things. I didn't think I had a card attached to my Google Account, but I overlooked the fact that I have GoogleFi. The hacker used that card to buy 4 SSDs, a Chromebook, 2 Nexus 6Ps, and a Women's Watch. Google stopped some of the transactions and refunded me for most of it. Still in the works.
They accessed Amazon, Paypal, eBay, Banking. Not sure what else was compromised so far. I will never use Teamviewer again.
$2000 charged via Paypal (Paypal has recovered funds), $100 charged via Amazon.com (Pending CC dispute), $700 Bitcoins lost via Coinbase.
They stole my paypal and gmail accounts and as they made purchases they deleted the notifications from paypal. They made purchases amounting 1600$, 1300$ of that amount being designer clothes. Paypal is still "working on my case" and it's been over a week since I notified this... They absolutely suck.
Caught them in the act, closed TV, found browser password downloader, but their attempts to run it blocked by Anti-Virus/Malware active monitors. Single .tmp file created, required Safemode (Win7 Ent) to remove.
I'll edit this post with any other useful information I find, I think that's everything.
Two iTunes gift cards purchased through PayPal totalling $150. I got immediate notice via PayPal on my phone. Called PayPal and told them I did not make the purchase. They put the purchases on review. I then received an email in less than 5 mins that the purchases were deemed legit since they originated from my local PC. It was at that time I looked and saw someone was attached to my PC through TeamViewer. I quickly grabbed a screenshot and disconnected the intruder.
I quickly called PayPal back and explained what I had found. They asked me to send them an email stating my claim and any supporting documents. I sent them the screen capture.
I also called my credit card company and had them stop payment just in case PayPal did not reverse the charges.
In the end, PayPal did reverse the charges, and I did not lose any money. I have since stopped using TeamViewer. I did send the TeamViewer support the screenshot that clearly shows the name and the ID # of the intruder. I got an email back from TeamViewer support saying they were sorry but not a lot they could do about it. Told me to change my password and maybe try the two factor authentication.
I had also received a contact request from someone I did not know. Is this common among all those affected?
11 (for linux running ubuntu)
I saw the sponsored session pop up when I woke up. First I thought it was someone (in my group) who connected by mistake, checked Chrome history, there was a PayPal access at 4.30am (I was sleeping). Didn't know about all the hacking stuff so I left it to check it later, fortunately they couldn't enter PayPal so no harm.
|Yes||5/26/2016||I think it was 9.||Yes||Yes||No||No|
I'm down close to $2000. Happened a week ago, almost exactly. They used TeamViewer to get onto my computer, used my password rememberer to get into PayPal. Sent all the money from my bank account to theirs.
Woke up, saw that TeamViewer had been used, looked at my internet history, saw PayPal and Gmail, went to PayPal and saw all the money gone. Deleted TeamViewer, changed passwords everywhere, added on 2FA a bunch of places, and contacted PayPal who put in claims. Claims got denied, saying it was from my computer. Contacted credit union, told them PayPal refused to help. Contacted PayPal again, person put in a ticket mentioning the remote connection and how unlike my normal spending habits it was. Got an email saying claim was approved, but no money. Contacted PayPal again, was told that they didn't know why I got the email saying the claim was approved, the claim was denied the second time as well. I was told that he could put in another ticket, or I could speak with a supervisor, but chances are the claim would be denied yet again, because it had been denied twice already, despite all the explanations, the fact that it was unlike my regular spending habits, and the fact that the guy tried to send $2000 first, then sent a bunch of smaller transactions when that didn't go through. If the claim got denied again, I wouldn't be able to appeal it. I said I'd wait to talk to the supervisor. He told me it would be a long wait, like 45 minutes. I said I'd wait. Supervisor put the refunds through while I was on the phone with them, within an hour money was in my PayPal account, but my account was locked. Took 3 days to get my account unlocked, finally got it opened up last night at which point I figured I'd transfer the money to my credit union in the morning (not doing any good at the credit union either, as it's a 10 hour drive away, and they're issuing me a new debit card after this). Woke up this morning to find my account was locked again, because the credit union disputes reached PayPal.
At least it wasn't my account that had rent money in it. As of now, though, it's been a week and 16 hours with that $1900 languishing on PayPal's servers rather than somewhere I can spend it. While most of the customer service reps I talked to at PayPal have been great (with the exception of the guy who seemed to think my claims shouldn't be approved) PayPal has really been less than helpful overall with the multiple claim denials.
The guy only browsed to Gmail and PayPal in Chrome, (and Gmail was only to delete the emails about the PayPal transfers...which were still in the trash) but I've no way to know if they did anything in the incognito browser. I jumped at removing TeamViewer from my computer, so I didn't look at session logs to see how long they spend on my computer. I don't know if they got passwords from the password rememberer or anything else. It's been a tough week dealing with all of this.
The worst part is, if they'd tried a week earlier, there wouldn't have been more than $200 in my account. Stupid tax return just gave them more money.
Around 90 EUR gone from bank card via PayPal at night, when I was asleep. Hackers bought 2 electronic codes (game and Xbox Live subscription) at gameladen.com. PayPal doesn't want to cancel the transactions. The shop won't do it either, because the codes came to my email (after the hackers were gone from my computer). I'm trying to solve the problem via my bank.
Bought 7 iphones from ebay, and xfer +$3000 from me to them via paypal. I noticed the moment I woke up, contacted on ebay parties and paypal. All transactions were reversed.
I got an unknown login yesterday from Hong Kong (6/2)... wtf. - http://imgur.com/27t7uWd
My log in password for TV is different from the password to remote into my pc once logged in. My paypal/amazon/ebay looks fine, doesn't appear they remote into my pc but was able to log into my TV.
|Yes||6/2/2016||9 Windows 7||Yes||Yes||No||Yes|
Noticed a bunch of paypal emails overnight, purchased an itunes card from pcgamers and some games from the creators of rulescape. Paypal customer support told me I was the 4th person recently they talked to that had teamviewer accessed like this.
My teamviewer log (connections_incoming.txt) was accessed around the same time that they accessed my paypal. There's no trace of them on there, but windows explorer says that the text file was 'last modified' only a minute before they went onto chrome, meaning that I think it's the first thing they did after they gained access to my machine.
Found these in the Kaspersky logs. Hope they help someone more tech savvy than I. I have since reinstalled windows so cannot provide any more than this.
When the incident happened the intruder attempted to use my Amazon account to buy a giftcard for themselves for $100 using a (assumed) stolen credit card. They didn't use any cards that already existed on the account. Since I came home right after it happened (I saw the screen changing and got the notice) I changed my password for both Amazon and TeamViewer + enabled 2FA on both. No incidents since.
It is unfortunate because they caught my system when I apparently left it unlocked. Normally I have it locked and it uses a rather secure password that is unique. Locally I use biometrics for authentication.
Logs show that they tried with TeamViewer 10 first and that was denied. IP is based out of china using a hinet.net rDNS. Logs available upon request for the affected time period.
Bought gift cards, and used some exchange websites and a few transfers. (Thankfully only a few $100) Have opened Paypal dispute and waiting for response. This can't be a simple malware attack and has to be on TeamViewer's part because so many people attacked in such close proximity to each other. Seemed to also login to my banking website (Didn't initiate any transfers or do anything, just viewed it) I'm still scraping up everything I can find and will post here with more soon.
EDIT: They stayed logged into steam, seems they're stupid enough to not cover their tracks.
EDIT 2: I got all my cash back by disputing it via Paypal, he left his steam account logged in (Amateurs..) and messed his steam account up (Deleted groups he admined and deleted all his friends) While I was at it I also tracked him down and contacted him and he shit bricks, I won't go into detail though.
Also a note, it looks like a backdoor was left on my system which I removed using Malwarebytes.
Teamviewer log file:
interesting things to note this almost right after i logged into the teamviewer website to check If i had been accessed from other locations.
My email is on the pwn database several times and even came up in the fling dump that came out this week (5 days ago)
I was skeptical about this at first but dang it looks like someone got a dump of users at the least
Tried to purchase credits through paypal at target, amazon and a few gaming sites (old games). Purchases were declined by bank.
10.x (upgraded after)
I had none, I was lucky to be on the computer when everything happened and was quick to do something about it.
I left my computer on at night and went to sleep (game bot was running to collect more goodies). I woke up at 3am by bright light in the room. My 40 inch monitor had "woke up" and I saw activity. wears glasses. I saw someone adding items to my amazon account and was trying to check out. I took control of the mouse and closed that page. Saw a teamviewer session running. Closed the fucker, deleted my account, and uninstalled Teamviewer. I think I'm one of those rare people who caught the guy red handed. Called Amazon, they are "escalating" it to get me a refund. Next up, will call paypal. Just like others, it was all electronic orders (gift cards etc) placed on online shopping sites.
One night last week I saw the monitors behind me flick on, opened chrome, went to PayPal then started a teamviewer file transfer. I managed to catch it and disconnect it just in time... This time. This file pulled saved passwords from browsers.
I pulled connection logs from 25 pc's across my network (~100 pc's total on my TV account) and they all showed unauthorised connections.
Several thousands of dollars in PayPal claims, many email accounts accessed not to mention all the other forum, bank, eBay information that was also pulled.
I personally was only affected by unauthorised access to my gmail account and eBay account however some users on my network fared a lot worse.
PayPal have resolved all cases afaik
I find it appalling team viewer is denying a hack
Huge amounts of contacts added. My primary PC isn't on without me using it, and the other PCs under my account were all VMs with absolutely nothing interesting on them. Changed passwords and now clearing up the mess.... Considering myself lucky!
They were able to access my MacBook which was the only "computer" in my account with a saved password. However, they did not get any further than opening PayPal.com and finding that no passwords were saved and moving on.
They did try a second connection attempt, but I was using the MacBook at the time and killed it off pretty quick.
I have been following the threads and can confirm that the logs show that it was me connecting to myself, not some random username. This made me think that my TV account itself had been hacked, but when logging in and checking to see if this was the case, it was not.
Question: Has anyone looked into the possibility that TV was running with the option to allow access over HTTP port 80 enabled? If this was the case, the attackers could just scan the web looking for IP addresses that respond with "This site is running TeamViewer" and then hack from there somehow.
Was at work at the time, and heard my phone going crazy, noticed heaps of authorized transactions via paypal to some game/tv/something-shop in china. At the time I thought I've been phished, but no, today I checked the teamviewer logs and they actually correlate the fact that it was done on my computer, (as paypal told me), via teamviewer.
Paypal of course with their policy was extremely unhelpful at the time, so my bank had to step in to refund it for them.
Attackers spent a total of $150 through Paypal's digital gift store and ebay, luckily Paypal restricted my account before they could do any more damage. I initially filed a dispute through their website but they closed it saying that they didn't see enough evidence of unauthorized use, but I called them and spoke with a human and they ultimately ruled in my favor.
TV session started while I was at my computer, but I knew it was not me. I took about a minute to try and figure out if I could trace the source before deciding the risk wasn't worth them having access while I did, and killed the session. Within 30s they reconnected to my computer, i killed the session again and uninstalled. I reported the incident to TV support, who suggested the user had gotten the password elsewhere, and recommended I file a police report if I wanted access to the IPs that logged into me. No passwords / sessions are saved on my computer and I don't believe the hacker had time to run anything else. Computer remains locked when I'm not at my desk so if there were any prior connections they would've been greeted by a login screen.
They bought $200 worth of digital gift cards on ebay using paypal. Paypal denied my fraud claim because the attack happened from my PC. I also canceled my paypal and killed both cards associated with the account. I did not see an indication of a file transfer so I think I got off lucky.
They ordered multiple itunes cards from Target, and went into my email and deleted all messages from Target. My bank and Paypal took care of the bogus charges for me as soon as I contacted them.
I came to my computer after leaving it idle for a long period of time to find a TV session up but not active. I also found the email account of some high school student in Louisiana logged in with recent emails of his password being changed as well as purchases made within the last 2 hours with that account at the Microsoft store. My account had small purchases made through Microsoft Store for Gift cards as well as thousands from Paypal for a French website that sells drones and other remote control device accessories. I have since removed TV from my machine.
Noted many people adding me as contact (5-6 over a couple of weeks). Did not accept any of them. One day I was working at my computer, suddenly an unknown teamviewer session starts. I manage to quit it within seconds. I checked my logs and there had been multiple unauthorized short sessions while I had been away from my PC. I think that they never got past my windows login screen, as the sessions were ended quickly and no suspicious activity on either email accounts or PC in general.
I was at work and received a GMail notification on my phone/watch. Checking it, I saw I had a PayPal payment go through and two more denied (I only have a low limit card attached to the account). I immediately logged into my home PC via my tablet and was greeted with the Play Nice popup. I checked my paypal, saw the activity, reported it to paypal, reported it to my bank. According to the logs, they had access for 12 minutes. They had URLs to pre-loaded carts. They purchased a $100 digital itunes gift card, which was sent to my GMail account (and was not opened or accessed that I can tell). The two other charges did not go through because the credit limit was exceeded after the first charge. Based on the browser history, they never made it past paypal and I believe I interrupted them prior to any additional damage.
Friend's pc got breached. After checking his history and running a quick scan with WD I've found these:
History: http://i.imgur.com/Om5ObT7.png (As you can see in the few last results they attempted to buy Amazon gift cards)
$100 gone from amazon gift card balance. Amazon claims it was a legit purchase. Multiple attempts were made against my paypal account, luckily, I don't keep money in my account.
Work reformatted my PC so i'm not sure. I'm assuming it was the latest
The hacker got into my work PC. I have my email passwords set to auto log in. They were able to reset my amazon and paypal passwords and made nearly $500 worth of purchases.
Scoured my connections log and I'm only seeing the addresses of my own devices. There were some blanks where the account name was usually listed but I matched their TV address to an old TV9 folder with logs still on my PC and it turned out to be my phone.
I've uninstalled/scanned/scoured but am extremely disappointed. I loved TV for jumping into my home PC to check random things throughout the work day.
Saw 3 connections on the 22nd and 1 on the 23rd from Nanning China. Changed the TV password (even though it's different from my other passwords) and then deleted the account. Also uninstalled it from my PC though I had TV set to not load on startup anyway since I never really trusted remote access software to begin with. Also account listed as pwned but I was aware of those past breaches and immediately changed the password after each time.
Someone accessed my HTPC. Basically they opened Firefox, went to Paypal.com and tried to see if I had any cached credentials saved in the browser. Additionally, I had a logon entry via the TV website from Zigong CN.
Debating now whether or not I want to ditch TV or not . . .
First noticed when paypal phone notifications went off. I went to my computer to log in to the full webpage, and I see someone typing on my computer remotely. I hit airplane mode, to kick em off, disable teamviewer, do virus/malware checks with multiple tools, then turn on two factor wherever I can. They used paypal for some gift certificates ($175) and Amazon for $198 of XBox live. Contacted Paypal, they investigated, and compensated me the next day for the full amount. Amazon at first was saying they wouldn't compensate due to it being game related, but I persisted with another email, and they relented and reversed. Also called Chase, who agreed to reverse any charges that weren't reversed by Paypal or Amazon.
Two factor is now on amazon, paypal, TV (also turned off currently), and steam.
Thought this was just a one off thing, until I see now how many affected.
|Yes||roughly in march|
latest version at the time
Computer was accessed via teamviewer remotely and roughly $4,000 was transferred via PayPal to various random paypal addresses
Noticed a fraudulent charge on my Amazon account, 2x $100 gift cards were bought by a suspicious looking email. I contacted Amazon support immediately and got the transaction cancelled. Changed my Amazon password, etc. Fast forward a couple of days when I'm sitting at my computer and the Teamviewer connection dialogue box appeared at the bottom right of my screen. It disappeared almost immediately before I could take a look at it. Figured my Teamviewer had been compromised, reformatted my system and stopped using it. An email a few days later from Teamviewer where another user with a suspicious looking email was asking to be my friend on Teamviewer finally confirmed my suspicions.
11 on OSX 10.11
Gift cards were purchased through Amazon, Google Play, and Walmart ranging from $10 to $500. Total amount of damage, $1520. Ran Sophos and Malwarebytes, no damage found to the system. Luckily my Surface was powered off and my Windows 7 box was locked.
n/a (account only)
I logged into my account to delete it and saw an access on 5/22 from Nanning, China.
Fortunately, there are no computers tied to that account, and there never have been. Logs don't suggest I have been attacked.
Caught them about 10 minutes into a TV session (according to my Chrome history), multiple tabs open in Amazon trying to buy gift cards, Paypal trying to buy itunes gift card, and another site trying to buy a $300 watch. Nothing was able to get through because Amazon was asking to verify my CC, PayPal was asking to authorize my account via text. Certainly a wakeup call when someone is trying to ship a $300 watch to somewhere in Washington State.
At 5:11 am PST while I was still asleep, the culprits logged into my secondary office computer and the first thing they did is log into my Gmail account and set it to forward all my incoming email to this address: email@example.com, then immediately logged into Amazon thru my browser and ordered $150 worth of XBox gift cards. Further, they logged into my PayPal account then ordered $200 worth of iTunes cards. They also tried eBay but I don't have an account there anymore. Finally logged into some Netherlands website that exchanges gift cards for cash (I assume to cash out all the gift cards they stole). Connection closed at 5:22 AM, so they were in and out of my machine fast and it was well rehearsed in my opinion.
I checked my Teamviewer logs and the last TV connection was from user # 813531960 (which is unknown to me)
I'm still on the hook with PayPal for $200 and steaming mad about it.
Was only hacked after accepting a "friend" request on Teamviewer (forgot what they call it) from someone with a similar username to one of my friends email addresses. Luckily I caught them in the act (checked the logs for all my computers) and stopped them. They were trying to go to ebay. Got more requests in the future, have not responded to any. Set up 2FA, changed my password, and set up a local password on each machine that is required prior to remote access (even when signed in to my account already).
Around 500$ were gone from Paypal for a bunch of gift cards. IP logged was from China. Called Amex immediately to do a charge back regardless of Paypal. This was on a Mac, and I had Safari to manage all my passwords.
my computer is always locked so they wouldn't have got into my account, I hope.
I was sitting on my couch at 12am and all of a sudden my machine lit up.
It opened an eBay page and started trying to buy iTunes cards. Saw paypal login jump up and as I have 2step and I don't save the user and pass they weren't getting anywhere fast.
I was wondering where the access was coming from and I noticed that teamviewer was running as it's access. As soon as I touched my mouse they disconnected. I opened my teamviewer to view the connections list and roughly 50 accounts had been added to it, however when I went to the connection history this was the first time someone had tried to access my computer outside of my own logins.
Changed all my passwords instantly and added two step verification to my email and teamviewer accounts.
I was studying when I saw Firefox opening and my cursor moving while ebay.com was typed. I freaked out and instantly unplugged my PC from the power. When I checked on reddit from my phone I saw that there is a breach,
so I deleted TV from safe mode
I don't remember, and I uninstalled it
Around 2:00 AM early on 5/31/16, I was on the computer watching a youtube video when Teamviewer suddenly opened and someone went straight to Paypal, then to Paypal digital gifts, then they went to buy a $100 itunes gift card. I immediately exited Teamviewer and checked my Paypal account and saw that someone had made several purchases over the past several days. On the 26th, they bought a $100 itunes gift card, and then on the 28th they bought $199 of credit for "SEA Gamer Mall" through Paypal. I uninstalled Teamviewer on my computer and phone and talked to Paypal and my bank and Teamviewer about it. Paypal quickly responded with an email saying "We've completed our review of your account and found that your account is secure and has not been accessed by an unauthorized third party. As a result, we've closed your unauthorized transaction claim.
If you're unhappy with your purchase, we encourage you to work with the seller to find a resolution. If you can't find a resolution, you may file a dispute in your Resolution Center." One of the sellers that the fraudster bought from was Paypal gifts and the other was SEA Gamer Mall. The Gamer Mall one emailed me saying they wouldn't help me and I needed to try to get my money back from Paypal. My bank said they would refund me the money if Paypal didn't. Unfortunately, I had ~$70 in my Paypal account that only Paypal can recover for me. I called Paypal after the online claim response and they said they would investigate, but I haven't gotten an email about it or anything.
Whatever was current at the time.
All computers had Windows Auth on them, so hacker could only actively use the one I was logged into and using at the time. E.g., I was in the middle of something, and he logged in and took over. Showed logged in as my account name, but different TV Number. Immediately kicked him out, reset passwords, enabled 2FA. Filed a Ticket with Teamviewer as well on 4/4/16. They replied then like they're doing now. Blaming password reuse, hacked accounts elsewhere, etc. Have since 2FA'd everything everywhere, and changed all passwords to be more unique.
2 different sessions by different users. Both accessed Paypal.com but since there was no saved login information, it stopped there. No stored login information on this PC at all. Never done any shopping or banking on it luckily. This PC is nothing but a remote desktop gaming PC for my when my friend is on the road. None of the gaming accounts, Steam/Origin/Uplay/Battlenet, were hijacked. No malware or viruses found in scans, but still going to reset/reformat to be safe. Seems we got pretty lucky though.
Looking through my log files, it looks like they just messed around for a bit. I've checked all of my accounts and they did nothing. No Amazon, no eBay, no PayPal, checked my bank too and nothing. I'm including the log file, could someone go through it and make sure that they didn't do anything?
I was there watching the login, luckily. They logged into my computer and attempted to access paypal. They then noticed the vpn network, closed out of the vpn and reinitiated trying to log into my paypal with no luck, since I do not leave any of my accounts logged in or save my passwords.
The thing I believe that proves it actually was a hack and not what teamviewer is saying is that my paypal and teamviewer info is the same; if they wanted to try and access it they could have at anytime. I have paypal set up to confirm through my phone anytime I access my paypal account even through my main computer. No one has tried to access it until today.
1000$ stolen from PayPal. Request came from my home, so no refund from PayPal as of today.
Unattended access was enabled. I was watching a movie then suddenly it was closed by someone who was connected to my laptop. They didn't get to my paypal.
Always keep it updated as we use it daily.
Three computers on the account were accessed, only one was stolen from. Mostly ebay was used, itunescard.com and ncsoftcoin.com. IP seemed to be from Korea.
**It occurred on two different computers that were connected to my TV account. Didn't notice it on my parents' computer until I caught the attack as it was happening on my own in the middle of the night. I immediately cut off the attackers and deleted TV but they had already made several transactions with my paypal and amazon accounts. Unfortunately I had several family members' credit cards linked to these accounts as well since they often used my amazon prime, so the transactions were spread out across multiple cards.
Fortunately paypal and amazon both took care of all of the transactions. I also had all of my own and my family members' credit cards replaced. Paypal was a little resistant but I made it out to be a malware remote intrusion which seemed to make the process go more smoothly. My father had called paypal about the transaction on his account for over $5000. He just said his account had been hacked since he didn't understand exactly what happened. They initially declined his claim since the transaction came from a known ip address. His bank was willing to put the money back into his account but told him he should really get it resolved through paypal. I called paypal as him and clarified what had happened. I had to be escalated through their customer service some to get to someone who could help. I told them that the attack was through some weird remote connection program. I said it had been removed and basically made it out to be malware without actually saying it was malware. The fact that this was a direct money transfer to some Chinese account that had absolutely no details listed was also pretty evident that this was a fraudulent transaction. After reviewing this, the paypal rep reopened the case and reversed the charge immediately. Just be careful how you explain the attack and paypal will likely take care of it.**
I logged into my desktop from my laptop and caught the hacker right in the act. After a fight for control of the mouse I managed to remotely shut down my PC. He/she transferred $500 via paypal (automatic login); this issue has been resolved with paypal customer services. They also visited:
mol.com (some kind of ingame currency site)
As far as I have been able to check nothing has been downloaded or installed on my pc