i was hoping to find out if there was a way to track who has logged into your hotmail account, changed your password and alternate email address to suit themselves? i recently discovered this problem when i could no longer log onto my hotmail account and found out that somebody had gotten in and reset the password and deleted some important emails.... i know who it might be because the only emails that were deleted were about her.
Is there any way to find out who did this and from what computer IP address? there must be, how else can people and hackers get caught from doing illegal stuff. Is there a device, or website or a free service that can track or give me detailed info about who has been into my account in the last 30 days?
Any help would be greatly appreciated ~ i would really like to nail this person but would like the evidence to back me up. thanks :P

You're probably SOL. Hacking passwords isn't that easy unless the hacker has some insider knowledge of who the password belongs to.

Using a password generator to create a completely random 10-character or more password would foil them as well.

-{ Quote: "i was hoping to find out if there was a way to track who has logged into your hotmail account, changed your password and alternate email address to suit themselves? i recently discovered this problem when i could no longer log onto my hotmail account and found out that somebody had gotten in and reset the password and deleted some important emails.... i know who it might be because the only emails that were deleted were about her.
Is there any way to find out who did this and from what computer IP address? there must be, how else can people and hackers get caught from doing illegal stuff. Is there a device, or website or a free service that can track or give me detailed info about who has been into my account in the last 30 days?
Any help would be greatly appreciated ~ i would really like to nail this person but would like the evidence to back me up. thanks :P" }-
prguru,

If you are not able to log into your account, how do you know he/she deleted those emails?

I was given access to my email account through MSN support - they sent me a link and i was able to get into my inbox. That's how i knew everything was deleted. When i went to add an alternate email address for security if i ever needed to reset my password again, there was already an email address in there and i never seen or heard of it before in my life. All of this happened in a matter of 2 days - i was able to last log on on Monday Oct 24th and Tues the 25th it wasn't recognizing my password, secret answer to question or sending any info to my alternate email address... because i know my emails & files were deleted and the connection is to this other person... i need to find out where (IP address) this person logged into my account from to be able to track them down...
I can't imagine this being an impossible thing to do... every computer leaves its mark somewhere...:-*

actually, i found out that its pretty easy to access somebody's password through hotmail. if you know the person's email address, you just have to click "forgot password", answer the secret question somehow correctly (guess until your right) and BAM! you're in! Then once you've got in, you can reset the password to something you'll remember and put in your own alternate email address. Of course it would only last a short time until the original owner of the email address gets access via MSN support but that's enough time for them to copy or delete anything in your email files... and they could keep doing this over and over again... that's the scary part. I actually found quite a few webites ob Google that tell you how to break-in to hotmail accounts (a step by step guide)....
now that i know this has happend, all i want to do is track this person down,tracing there computer prints. I know this can be done, there's tons of stuff out there - i just haven't found any or anyone that can recommend something.

-{ Quote: "actually, i found out that its pretty easy to access somebody's password through hotmail. if you know the person's email address, you just have to click "forgot password", answer the secret question somehow correctly (guess until your right) and BAM! you're in! Then once you've got in, you can reset the password to something you'll remember and put in your own alternate email address. Of course it would only last a short time until the original owner of the email address gets access via MSN support but that's enough time for them to copy or delete anything in your email files... and they could keep doing this over and over again... that's the scary part. I actually found quite a few webites ob Google that tell you how to break-in to hotmail accounts (a step by step guide)....
now that i know this has happend, all i want to do is track this person down,tracing there computer prints. I know this can be done, there's tons of stuff out there - i just haven't found any or anyone that can recommend something." }-

Presumably, MS would have the necessary server access logs.

PRGuru,

Welcome to Wilders.
What I would like to know is how did MSN Support authenticate that you are you and give you access to the account?
If it is very easy, then what is to keep the hacker from doing the same thing to contact MSN support to pretend he/she is you?

As Mike said, all websites keep access logs. In the US, in fact, they are required by law to keep logs. These logs record the time, date, and IP address of the access. Access to these logs requires legal action of one form or another.
Even if you gain the IP, it may be a proxy. You would then have to pursue legal means to access the proxy's logs. And once you get the actual IP of the hacker, then you need to legally obtain their ISP's records to identify the person. Then what will you due? Sue her?
You will not likely be able to obtain this legal leverage to gain access to the logs in the first place. Even if a crime has been commited like identity theft, the law will protect them more than you.

There will always be time for revenge later if you want waste your time with that, now is the time for damage control.

Do you do any online banking or shopping using that hotmail email address to access those accounts?
If yes, the hacker may be trying to gain more info about you, place online orders, and cause more trouble for you.

First secure your hotmail account so it can't be as easily accessed.
Make your password long and difficult.
There is some useful password info here (http://geodsoft.com/howto/password/).
Make the Secret Answer (not the secret question) the same as the password (or a different difficult password).

Go to all the websites where you make financial transactions or purchases and change your password and secret answers. If they are professional, they will have gone for the money first. Protecting yourself from further damage should be a priority.

thanks for your response ~ MSN was able to help me out as i had to give them my IP address at home and at work that i usually and regularly log on from. Also personal information, last sites used, what folders i have in my In Box, some contact names that i have saved, sites that i've hit etc...
yes, my priority is to secure my account - i agree and thank god, i do not use this email account for any financial transactions or credit card transactions... it is soley for communicating and MSN messenger.
Thank you for the advice on how to "extra" protect my email account ~ it is greatly appreciated ;D

however i must say that the reason i am concerned about this even more is that the person i believe did this is one who has been harassing me for the past 6 months via telephone, and internet emails... i had saved all forms of communication, replys and threats made in that email account. Now that all my pertinent information pertaining to this person is coincidently vanished, it is my belief that it was that person who accessed my account and removed the information that involves them. I can't imagine anyone else who would see this information useful. I have built up a long list of this harassment and already have police reports on this person.... you need to build up your evidence before they will actually do anything (Canadian rules & regs) ** this extra information about proving that "she" hacked into my email account and changed everything to suit her would only enhance my already built case file and more than likely finally lead to charges laid - but i first need to track it, find it and hand it over to the authorities. In the meantime, i've secured my email account the best way i know how and have tried to make it as difficult as possible to get in. thanks again.

MSN more than likely has backups of the hotmail server.
Convincing MSN to recover the backup may take a little doing.
Contact MSN Support again and clearly explain your situation about how you are going to take legal action against this person. Offer to pay for the restoration of those specific emails as well.
If the tech is unable or unwilling, go up the ladder and ask for their supervisor.
Always be polite, but firm about what you want. You may be able to get it without legal action.
Every email service has different backup schedules. Some keep backups for ever, some rotate once a month.
If the emails are important, you may want to contact a lawyer knowledgeable in stalking cases. Maybe a simple "semi-legal" document from the law firm is all it takes for MSN to cough up the emails.

If you no longer want to contacted by this person, just create a new email account and maybe change your phone number to an unlisted one.
Don't give the number or email to friends of the stalker, only your trusted contacts.
If the stalker had physical access to your computer (or if you opened any email attachments from them), then you may need to consider the possibility that they put a keylogger or other tracking software (root kit) on your computer. That is another way he/she could have gotten your password.
It depends on how creepy they are.

Good Luck :)

-{ Quote: "if you know the person's email address, you just have to click "forgot password", answer the secret question somehow correctly (guess until your right) and BAM! you're in!" }-
If you know something about the person the email address belongs to the odds of cracking the answer to the secret question are greatly improved. ;)

It could take eons if you're trying to crack the answer from scratch.

IDEA! Instead of logically answering the secret question enter a generated password. For example, if the secret question is, "What's your favorite movie?" enter "&3frYHT@07x" for the answer. Let 'em try and crack that.

-{ Quote: "If you know something about the person the email address belongs to the odds of cracking the answer to the secret question are greatly improved. ;)
" }-

Or he could have used technical trickery?

-{ Quote: "Or he could have used technical trickery?" }-
Yeah, I suppose there are tools like StAPH 'PassLeecher' (http://www.securibox.net/phpBB2/dload.php?action=file&file_id=182) that may help crack a password once you have an e-mail address and/or name in hand.

it could be simplier: you may have a backdoor/RAT or a keylogger infection
some rats have a function to get cached passwords

illukka speaks the truth

You can unhook that computer from the net and do forensics to find out what is going on, with the help of the experts here or REFORMAT NOW!!!!!!!!

prguru, I did not read thru all of the posts in this thread (too lazy) so this may have already been mentioned by someone; the vast majority of these type of events, stealing email accounts and especially identity theft, are done by co-workers and family members, that is a statistical fact. Good luck in fixing everything, and rather than fixating on revenge (finding out who did it) take it as an excellent education for your future surfing habits, take care.

Acadia

prguru, I feel your pain.. similar thing just happened to me a few weeks ago. Fortunately there was no financial damage and I'm sure I'm ok as far as that goes. An almost family member hacked into my e-mail account and stupidly admitted it in an e-mail to me last week, after we had talked about it. She also stole a Xanga account that I had... she denies it but there are way too many things about the situation that point at her. I'm convinced she's lying about almost everything but what she says, is her "friend" gave her a software program that she runs and a real-time screen shot of my e-mail pops up. She said he hacked my password, and it was strong and totally random There is no security question in my e-mail program, but we used to live together, so unless her friend is a genius she must have found my password written down somewhere probably. Or perhaps she was smart and put a keylogger on my computer.

My friend is the webmaster for my e-mail and on his access logs, her work's IP address logged in pretty much every day for months. Her explanation for that was the alleged software program ran in the background on her computer even when she wasn't looking at it, hence, her IP address showing up.

This is pretty much the biggest and most ridiculous lie I've heard, but, I was wondering if anybody knows if there could be any grain of truth to this. Also, how can you check your computer for a keylogger? My computer runs virus checker once a week and I also run a spyware program every so often.

I'm dying to call her work and tell them I'm concerned about her having information on her computer there, because I am, and also because she deserves to go down for this. But since it's a family issue it makes it soooo much more complicated.

Removed
Is it this easy to get Hotmail password. Did I post this twice, dont see it.If it was removed for seurity reasons please accet apology.

No links to these type sites on Wilders please. -- Ron

OK sorry was only concerned if it is that easy and if people knew. I didn't. No intent to break rules
Regards

Thank you. :)

-{ Quote: "Thank you. :)" }-
You're welcome. It was a genuine error. Sorry

Wish we had something else in common other than this... although a high percentage of email thefts point to family member or coworkers ~ my case is not that but a person other than family who has been harassing me for the last 6 months. My hotmail account was the only account that i used to save her stupid emails which were evidence and since i see no other reason for anyone else to hack into my email account and delete those emails that pertain to her... it leads me to believe that she is the culprit.

It is not solely about revenge as i've now taken the extra precautions to protect my PC but this extra bit of information of finding out exacting who did it and where it came from would only add to the long list of evidence and police reports i already have on this person.... i could not file charges before for all the other incidences because the police said i had to build a case.... well here's my case (hacking into my comupter and stealing my identity to read and delete my private email) Sympatico and MSN are now working together to locate the information and i was able to confirm that it cam e from another sympatico account. Its just that this is a very very long process waiting for them to find the info and i thought there might be somebody or something out there that i could use on my own to get the info and just hand it over to the police.... guess not.
i wish u luck with your situation and i will keep you posted on mine - thanks :)

How do i find out if i have a so called "back door rat" or keylogger as was mentioned... gosh i've never even heard of half of the technical things mentioned in all the past replies...

is this something i can scan for myself or if i had a spyware program? All your imput is greatly appreciated.

thanks

Yeah... unfortunately, only hotmail will have the access logs of your account. I e-mailed Xanga about 5 or 6 times, and never got a response. I'm pissed about that but at the same time they probably have bigger problems... such as internet predators, etc. What you do need, is her IP address of the computer she would have been checking your e-mail from. If you still have e-mails from her, you have it in the headers. If not, someone said in an earlier post, you need a legal means of getting it.. maybe from her ISP if you know it; MSN/hotmail will see the IP address that accessed your account but you need a way to prove that it's her. And since you are building a case you will be able to get what you need. You probably already know all this, but just thought I'd add it anyways.

I use a program called Ad Aware, you can get it from download.com. It's really good, it gets rid of any/all spyware on your computer, even the smallest stuff that you don't even know is getting onto your computer when you use websites with lots of ads and stuff. For the most part those smaller ones aren't dangerous, they monitor what websites you go on basically to figure out how to advertise, but they still suck and should be deleted. You should probably run Ad Aware once a week like the virus programs... you have a virus program right? I've done a little reading and apparently Ad Aware will get rid of a keylogger. Did this girl have access to your computer? Because, and others can correct me if I'm wrong, but the only way someone can use that against you is either they have physical access to your computer, or you get it through a virus or link, via instant messenger or e-mail or whatever. Have you ever opened any e-mails or clicked on any links that you weren't sure about, or didn't know who they were from? However unless this girl is a computer whiz that's probably not the case.
One more thing, do you use a firewall?

Good luck getting your case together. That's great that the websites are working to help you. In my case I was lucky my friend owns the site where I have my e-mail, otherwise I might never have even known she did this. The funny thing is, kind of similar to you, is that when a few weird things started happening with my personal Xanga account that indicated someone was messing with it, I was 80% sure it was this girl. And I was right, before I even had any proof of the e-mail; I actually checked the access of my e-mail as a precaution and it turned out she was abusing that worse than my Xanga account!! So yeah... go with your gut, you know it's this girl, and you're getting proof anyways.

What I'm still trying to find out is: is the act of logging into someone else's e-mail account without authorization against any law? and if I were to file a police report or something, if anything would actually happen. Do you know?

Most importantly I have now learned not to keep ANYTHING on record solely on e-mail. Or even on your computer, if someone else has easy access to it. From now on I'm going to print out important things and delete the emails. With me it was a bunch of very personal and private thoughts/feelings that this girl exploited, which in some ways is worse than if she had stolen my money or belongings.

Actually, i did look into that and yes it is against the law to open and read someone's email by way of stealing password information etc... (by canadian law anyway) ** i do have her IP address from a few of her emails that she sent and she is a sympatico member just like me and Sympatico doensn't act kindly to people stealing or abusing other people's emails and private computers using there server for their own personal gain. No one else other than me uses my computer and so whatever or whomever (and i know who) logged on from their own PC or somebody else's ~ none the less the "big guys" are working on it and we will track it down.... my case is different in the sense that i already have a very large harassment file on this person and this internet identity theft would only enhance my case.... the police told me that most of the time its very hard to prove and alot of red tape to go through to get the answers, so most of the time nothing happens, unless its a big popular case and you got tons of money to back you.... in my situation, she is very much known to the authorities as harassing me and threatning me ~ so this would be the icing on the cake. I also made hard copies of the emails she deleted as well as saved them on other private email sites that she doesn't know about ~ i'm 2 steps ahead of her and smarter! For now, i've secured my PC the best way i know how and will sit back and wait for the confirmations to come in from MSN and Sympatico... take care & good luck :)

prguru,

Glad you are making progress on your case. You might want to also back up your evidence by downloading the emails and putting it on a floppy or CD. Put the CD or floppy somewhere safe. You should also make paper printouts of the emails and also store them safely.

Did MSN say they will be able to restore the deleted emails from a backup?
(They should recover the backed up emails in case they recycle the backup media)

From what I learned, you should expect her to try to hack into your account again, even if you take the password / secret question advice given earlier, it appears that it is relatively simple for her to access your account again.
Get a different email provider asap if you don't want to be spied on. Keep the Hotmail account so they can recover the data, but she may be able to access it again.
Fastmail has been recommended here before and there are many others.


GoneTil9,

-{ Quote: "What I'm still trying to find out is: is the act of logging into someone else's e-mail account without authorization against any law? and if I were to file a police report or something, if anything would actually happen. Do you know?" }-
If you can get her ip address, then you can track down the isp and perhaps get her ISP account terminated for violation of Terms Of Service. Otherwise, unless there is substantial proven financial damage, don't expect too much from the legal system.
In the US even ID Theft with proven financial damage, the laws are weak and do not protect victims effectively.

hi Devinco,

I have her IP address at work... she e-mailed me from there, and she actually admitted in that e-mail that she hacked my account!! Pretty stupid on her part. She did all of this from work, so I guess what I would need to do is call HR at her company. And part of me wants to do that soooo badly. However, this is made a lot more complicated because she is my "almost" sister-in-law and anything that happens to her will directly affect her husband.... who is my boyfriend's twin brother. I'm stuck because I am genuinely a little worried that she may have some of my personal information on her computer at work, but if I do something about it, it will create a mess. I'm so confused. Thanks very much for your reply.

-{ Quote: "hi Devinco,

I have her IP address at work... she e-mailed me from there, and she actually admitted in that e-mail that she hacked my account!! Pretty stupid on her part. She did all of this from work, so I guess what I would need to do is call HR at her company. And part of me wants to do that soooo badly. However, this is made a lot more complicated because she is my "almost" sister-in-law and anything that happens to her will directly affect her husband.... who is my boyfriend's twin brother. I'm stuck because I am genuinely a little worried that she may have some of my personal information on her computer at work, but if I do something about it, it will create a mess. I'm so confused. Thanks very much for your reply." }-
GoneTil9,

Backup all your emails, save them locally on your computer. Back them up on either a CD or floppies as well. Create a separate evidence backup CD containing any emails that you would want to use in the future as evidence (especially confessions). Print those out too and store in a safe place.
Even if you don't use the evidence, it could be used as leverage if she continues to harass you. Only do that in the very worst case. It seems like she may have more info on you than you have on her.
So best to go for damage control now.

I don't know about Xanga, it is a blog site visible to all?
They offer webmail?

Webmail (IMAP - Internet Messaging Application Protocol) works a little differently than a POP3 (Post Office Protocol 3) email account.
With IMAP, the emails are stored on the mail server, not your local computer, unless they are backed up or archived by your email client.
POP3 email is stored locally on your computer.
This means that after you back up your emails locally on your computer, you could delete all the emails on the server (empty the trash or deleted items folder TOO). I don't mean just read the emails, save them on your computer.
If she did not back up your emails locally on her computer or print them out, then she won't have access to them anymore.
If Xanga email can be accessed by POP email, then she will have the emails on her computer.

For anti-keyloggers, search this forum, there are several good threads here.
If your computer is compromised with malware, then it really doesn't matter where your email account is. If you suspect your own computer has been compromised, you really need to clean it up first.

Read all the emails that she had access to and find out what damaging info has been learned. If other account info, passwords, financial info, etc. is in the emails, you need to go to every account and change the passwords and maybe change your credit card numbers that you used at those stores.

Don't start a war you can't win. ;)
Sometimes no response is the best response.
If the person stoops that low, best not to have anything to do with her anyway.
Don't respond to her harassment. Your response gives her fuel to keep going.
But do accumulate all the evidence, in case things escalate.

Hope it helps

Thanks for the advice... I'm already way ahead of most of that.... I've changed all my passwords, etc. My friend owns the website where I have my e-mail, the server is literally in his bedroom (and, obviously, the email is web-based) and I know she doesn't have access to my stuff anymore BUT I wouldn't put it past her to have copied stuff to her work computer, or printed it out. She wouldn't have seen any account numbers or passwords on my e-mail (except Xanga... see below), but who the hell knows what she would have done or saved including just personal e-mails between me and other people.

Xanga is only a blog site where you can make it private, which I did. Nobody in the whole world knew I had that account (that was the purpose) and even though she denies it I know it was her who found that password (that was the one password I accidentally had in e-mail, when they sent it to me, I didn't delete it) and stole my account. Anyways, that information doesn't matter because she already tried to use it against me (all just very personal stuff) and it didn't even work.

I will save important things to disc as well as printing them out. I learned my lesson about that!!