TeamViewer Breached by Hackers in 2016 But Kept it a Secret

Published on May 18, 2019
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

According to a revelation by Der Spiegel, TeamViewer fell victim of a Chinese hacking group back in 2016, but the German company decided not to disclose it. That doesn’t mean that they never realized their network was compromised, as the software developer allegedly discovered the cyber attack promptly and responded to it to prevent excessive damage. TeamViewer is now acknowledging the incident, but attribute their delay in informing the affected users to the time required to conduct a thorough and analytical investigation on the event.

TeamViewer is one of the most popular remote administration, remote control, and desktop sharing software in the world. It is used by millions of individuals as well as companies around the globe, so a breach in its network means a lot for many. Back in 2016, users of TeamViewer complained about inexplicable takeovers that resulted in their bank accounts getting emptied, accusing the software of this. When this information surfaced, TeamViewer flatly denied that there was any breach or even a security hole in their system. In a statement that they released back then, they accused users of “carelessness”, stating that they should have taken “a few easy steps” to prevent potential abuse.

As the connection is being made today, and with the dates of the incidents being suspiciously close, many think that this denial was a probably a lie, and if TeamViewer didn’t do it on purpose, it is at least a case of irresponsible and inadequate investigation from their side. The company is still insisting that they have found no evidence that the hackers stole sensitive user data, or any parts of the source code of their product that would enable them to infiltrate to private networks, etc. They still insist that there’s no connection between the breach and the victimization of their customers by hackers.

This is the company’s official statement on the incident:

“Like many technology leaders, TeamViewer is frequently confronted with attacks by cybercriminals. For this reason, we continuously invest in the advancement of our IT security and cooperate closely with globally renowned experts and institutions in this field. In autumn 2016, TeamViewer was the target of a cyber-attack. Our systems detected suspicious activities in time to prevent any major damage. An expert team of internal and external cyber security researchers, working together closely with the responsible authorities, successfully fended off the attack.”

The hackers who hit TeamViewer used the “trademark” Winnti backdoor, which is attributed to the Chinese state-backed Winnti Group. This is the same group that targeted Bayer AG in April, Dax Group ThyssenKrupp in 2015, and other highly specialized German companies in the context of industrial espionage.

What do you think about the TeamViewer official response? Do you believe them or not? Let us know in the comments section down below, and feel free to share this story through our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: