The TeamViewer account is required to access another computer without someone being there [1]. When you're helping a friend or demoing to a customer, they're there to start their TeamViewer and give you the access code. There is no need for accounts if those are all your use cases, and there is no risk of being attacked without an account, is that correct?
If you read the article, they tell you the most likely situation is the fact that millions of passwords are leaked every day attached to emails in various data breaches.
This breach could also be data leaked from TeamViewer, but as of right now there has been no official word as far as I can see. Considering users like to use the same username and password, a bot could easily run through a leaked list and report any successful logins back to an attacker (an older exploit).
As far as I can tell, the random numbers being generated are not affected, but users who have actual accounts are being affected. There has been no official word, but the number generating system being exploited over the accounts being exploited seems far less likely. Only time will tell though, so hopefully we will get an official word soon!
Edit: Seeing a lot of different theories in the comments and honestly I'm not sure which one makes the best sense. I really do hope TV makes a comment soon about how it's happening, but we probably won't see that announcement until they release the fixes, which are supposedly later this year.
I presume you are referring to the password?
Why would it be probably generated on the server?
That would mean that the server would have to pass the password back to the host computer for display.
Whereas the host computer would only ever have to pass a hash to the server if the passwords were generated on the host.