TeamViewer reports Security Incident in their internal IT environment
Take action: While this is not an direct vulnerability, there is a risk that TeamViewer customers may have been compromised. It's good to follow with TeamViewer for potential breach notifications and plan for mitigating reactions.
Learn More
On June 26, 2024, TeamViewer, a German company known for its remote monitoring and management (RMM) software, reported the detection of an "irregularity" in its internal corporate IT environment.
The company, which serves over 600,000 customers worldwide, activated its incident response team and enlisted the assistance of cybersecurity experts to investigate and remediate the situation.
TeamViewer assured that its corporate IT environment is isolated from its product environment, indicating no evidence of customer data being impacted.
The company has not disclosed specifics regarding the intrusion, including the identity of the attackers or the method of the breach, but promises to provide updates as new information emerges.
It remains unclear whether the current situation involves the exploitation of vulnerabilities within TeamViewer's software to breach customer networks, misuse of poor security practices by end-users to infiltrate targets, or an attack directly on TeamViewer’s own systems.
Update - as of 30th of June 2024, TeamViewer has confirmed the breach of its corporate network attributed to the Russia-linked APT group, APT29, also known as Midnight Blizzard. The threat actors used the credentials of an employee account within TeamViewer's IT environment.
On the same day TeamViewer revealed that the hackers, copied employee directory data, including names, corporate contact information, and encrypted passwords.
