Teamviewers DNS servers are[were?] infected. So they dont need your username or password[2fa wont help you either] because they have access to the machines id and password.
reddit thread with updates
known compromised individuals
"Old news". 
There has been a similar attack on teamviewer before (as well as logmein ("hamachi") back then) - the best defense is to just not run the programs 24/7, turn them on only when you need them and when a known other side wants to connect.
Obviously, it’s better to stay off of TV for a while until the waters calm down.
wellyea, its a thing for almost a week but a lot of people still dont know about it.
Actually this week’s Teamviewer related shenanigans have yet to have proper attribution. There have been some other suggestions, and some OS reporting that there was actually a pop-up malvertisement suggesting that a flash update was needed that did that and installed a backdoor.