Posted by kkpreiss
Henagon

Account hacked due to Facebook breach

My teamviewer account was hacked because of a shared facebook password. I've already revoked the access that hacked (from china) but I do not know any way to view logs to determine if they downloaded or uploaded files to my computer. 

Please anyone who can help me or direct me to Teamviewer People to help I'd appreciate it. I was using a free account, so there wasn't much I could see available under the management console. I just need to know when and what activity was done under that session so I could manage the damage.

For any with advice on hacked - I've already uninstalled TV from the computer, changed all my important passwords for emails, etc. 

Thanks

1 Reply
1 Reply
Posted by Community Manager
Community Manager

Re: Account hacked due to Facebook breach

Hi @kkpreiss,

First of all, I am sorry to hear what happened to you.

It is good that you already changed all your passwords and revoked the Trust from the device in China.

I highly recommend to always use unique and strong passwords for maximum security and never authorize access to you account from devices you do not know (Trusted devices).

You wrote that the person gained access to your TeamViewer account due to a shared password.

This does not automatically mean that he/she also accessed your computer:
The access to your computer would be possible, if the person has access to your TeamViewer ID and its password. This would be the case, if you saved your own computer in the Computers & Contacts list with enabled Easy Access or a saved password.
If this is the case: Please check your Connections_incoming.txt to see whether someone accessed your computer.

Just click in your TeamViewer on Extras --> Open Logfiles. In the same folder, there should be a file called connections_incoming.txt.

In this file, you can see when/if an incoming connection was happening.

Additionally, you can see active logins to your TeamViewer account in the Management Console under Edit Profile --> Active logins.

Make sure to remove all active logins which do not belong to you!

Also: You can switch from Trusted Devices to two factor authentication, if you are in doubt whether your mail account was compromised too.

We cannot tell you what the person was doing on your device (in case there was a connection) as we do not have access to this data nor do we monitor any activity during a remote control session.

You might get some information by checking the browser- and download history on your computer.

Re-installing TeamViewer should be save, as you already made sure to change all your passwords.

Thanks and I hope my answer is helping you a bit,

Esther