
They should have required 2FA for accounts that allow for remote session activity.

Who is at fault? TeamViewer doesn't deserve to walk from this completely free of blame. They take the list of successful user/pass combos and give it to a group of people determined to transfer PayPal, buy gift cards, anything that will let them infiltrate money by taking control of that user account. But it doesn't cost any money to continually bang on TeamViewer servers looking for username/password combos that work - this part is automated and being done from thousands of computers all at the same time (essentially a botnet). Of course, 99.99% of all the accounts in the huge list will fail (user doesn't exist, wrong password, etc.).

A person(s) or group(s) with this collection decides to target TeamViewer users, especially after learning that TeamViewer doesn't require their users to enable 2FA. There are hundreds of millions of username/password combinations, stolen from lots of different websites that have been breached over the years.
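The pattern described above (attempts spread over many machines, almost all of them failing) is why a per-source lockout alone does not see it. The following is an added example, not part of the original comment: the event tuple format, outcome labels and thresholds are assumptions for illustration and do not reflect TeamViewer's actual logging.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed auth events: (source_ip, username, outcome)."""
    events = [(f"198.51.100.{i}", f"user{i}", "ok") for i in range(20)]
    events.append(("198.51.100.3", "user3", "bad_password"))  # ordinary typo
    for i in range(200):  # 200 bot sources, two leaked pairs each
        ip = f"203.0.113.{i}"
        events.append((ip, f"leaked{2 * i}", "no_such_user"))
        if i == 57:  # one reused password happens to work
            events.append((ip, "user7", "ok"))
        else:
            events.append((ip, f"leaked{2 * i + 1}", "bad_password"))
    return events

def per_source_lockout(events, max_failures=5):
    """Classic control: flag a source only after N failures from it."""
    fails = Counter(ip for ip, _, outcome in events if outcome != "ok")
    return {ip for ip, n in fails.items() if n >= max_failures}

def aggregate_view(events):
    """Service-wide signals that survive distribution across sources."""
    failed = [e for e in events if e[2] != "ok"]
    users_by_ip = defaultdict(set)
    for ip, user, _ in events:
        users_by_ip[ip].add(user)
    # A normal client signs in to one account; a stuffing node touches several.
    multi = {ip for ip, users in users_by_ip.items() if len(users) > 1}
    # Successful logins from such sources are candidates for forced reset.
    at_risk = sorted({u for ip, u, o in events if o == "ok" and ip in multi})
    unknown = sum(1 for e in failed if e[2] == "no_such_user")
    return {
        "failure_ratio": len(failed) / len(events),
        "unknown_user_share": unknown / len(failed),
        "multi_account_sources": len(multi),
        "at_risk_accounts": at_risk,
    }

SAMPLE = build_sample()

if __name__ == "__main__":
    print("per-source lockout flagged:", per_source_lockout(SAMPLE))
    print("aggregate view:", aggregate_view(SAMPLE))
```

No single source reaches the lockout threshold, while the aggregate failure ratio, the share of nonexistent usernames and the count of multi-account sources all stand out, and the one successful login from a multi-account source identifies the account to reset.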
