Attention AnyDesk users! AnyDesk hacked recently and users’ passwords and sensitive information might have been available online.
On February 2nd, 2024, popular remote desktop software developer AnyDesk confirmed a security breach of their production systems.
While the full details are still emerging, AnyDesk hacked news poses potential risks to users and necessitates immediate action.
How did AnyDesk hacked?
Unfortunately, the exact method used to hack AnyDesk hasn’t been officially disclosed by the company. This is likely due to ongoing investigations and avoiding revealing vulnerabilities exploited by the attackers.
However, based on available information and speculation, here are some possibilities on AnyDesk hacked news:
- Hackers accessed AnyDesk’s production systems, stealing source code and code signing certificates
- Zero-day exploit: Hackers might have used a previously unknown vulnerability in AnyDesk’s software
- Brute-force attack: Weak passwords or leaked credentials could have allowed unauthorized access
- Social engineering: Deceptive techniques might have tricked employees into revealing sensitive information or granting access
- While AnyDesk denies user data theft, caution is advised
No evidence suggests attackers compromised individual user devices, but the risk remains.
What you should do?
If you suspect you have fallen victim to the AnyDesk hacked incident, here is what you should consider:
- Reset your password immediately: This is the most crucial step. Change your AnyDesk password to a strong, unique combination you don’t use elsewhere
- Update to the latest version: Download and install the newest AnyDesk version (7.1.4 at the time of writing). This update includes a new code signing certificate, enhancing security
- Enable two-factor authentication (2FA): If available, activate 2FA for your AnyDesk account. This adds an extra layer of protection beyond just a password
- Be vigilant: Monitor your AnyDesk account for suspicious activity and consider changing passwords for other accounts accessed through AnyDesk, especially if using weak or reused passwords
Follow AnyDesk’s official communication channels for updates and further instructions. They are actively investigating the incident and will likely release more information soon.
Can anyone access your computer from AnyDesk?
Whether someone can access your computer from AnyDesk depends on several factors.
Firstly, permissions play a crucial role in determining access. If you haven’t enabled unattended access in AnyDesk settings, no one can access your computer without your manual approval. This requires accepting a connection request on the target device.
However, if you’ve initiated a connection yourself and shared the AnyDesk ID, the other person can access your computer with the level of access you grant. This can be full control, view-only, or specific file/application access.
Secondly, security measures also impact access. A strong, unique password for your AnyDesk account adds a significant barrier. Additionally, if available, enabling two-factor authentication (2FA) adds another layer of protection. You can also set session settings within AnyDesk to limit what the other person can do.
Recently, there was an AnyDesk hacked incident that affected AnyDesk users. While the company claims end-user devices weren’t affected, changing your password is still recommended. It’s also advisable to update to the latest version (8.0.8 or later) for improved security certificates.
How do you stop access to AnyDesk?
Stopping access to AnyDesk depends on whether you want to prevent access temporarily or permanently, and whether someone is currently connected to your computer.
To prevent temporary access, you can disconnect a current session by clicking the red “Disconnect” button in the AnyDesk window. This instantly terminates the session.
Additionally, you can disable unattended access by going to Settings > Security > Unattended Access and deselecting the enabled option. This prevents anyone from connecting without your manual approval.
You can also disable interactive access by going to Settings > Security > Interactive Access and selecting “Never show incoming session requests.” This completely blocks incoming connections, even with your AnyDesk ID shared.
To prevent permanent access, you can uninstall AnyDesk from your computer using the standard uninstall process for your operating system. This completely removes the software and its ability to grant access.
Alternatively, if you have an AnyDesk account with multiple users, you can disable access for specific users you don’t want to access your devices. To do this, go to my.anydesk.com and navigate to Users > (user name) > Options > Disable User.
Additionally, you must know how to stay ahead of malware, to make sure you stay unaffected by the AnyDesk hacked news.
Featured image credit: AnyDesk.