Discussion in 'other security issues & news' started by prguru, Oct 27, 2005.

Thread Status:
Not open for further replies.
  1. prguru

    prguru Registered Member

    i was hoping to find out if there was a way to track who has logged into your hotmail account, changed your password and alternate email address to suit themselves? i recently discovered this problem when i could no longer log onto my hotmail account and found out that somebody had gotten in and reset the password and deleted some important emails.... i know who it might be because the only emails that were deleted were about her.
    Is there any way to find out who did this and from what computer IP address? there must be, how else can people and hackers get caught from doing illegal stuff. Is there a device, or website or a free service that can track or give me detailed info about who has been into my account in the last 30 days?
    Any help would be greatly appreciated ~ i would really like to nail this person but would like the evidence to back me up. thanks :p
  2. AvianFlux

    AvianFlux Registered Member

    You're probably SOL. Hacking passwords isn't that easy unless the hacker has some insider knowledge of who the password belongs to.

    Using a password generator to create a completely random 10-character or more password would foil them as well.
  3. Devinco

    Devinco Registered Member


    If you are not able to log into your account, how do you know he/she deleted those emails?
  4. prguru

    prguru Registered Member

    I was given access to my email account through MSN support - they sent me a link and i was able to get into my inbox. That's how i knew everything was deleted. When i went to add an alternate email address for security if i ever needed to reset my password again, there was already an email address in there and i never seen or heard of it before in my life. All of this happened in a matter of 2 days - i was able to last log on on Monday Oct 24th and Tues the 25th it wasn't recognizing my password, secret answer to question or sending any info to my alternate email address... because i know my emails & files were deleted and the connection is to this other person... i need to find out where (IP address) this person logged into my account from to be able to track them down...
    I can't imagine this being an impossible thing to do... every computer leaves its mark somewhere...:-*
  5. prguru

    prguru Registered Member

    actually, i found out that its pretty easy to access somebody's password through hotmail. if you know the person's email address, you just have to click "forgot password", answer the secret question somehow correctly (guess until your right) and BAM! you're in! Then once you've got in, you can reset the password to something you'll remember and put in your own alternate email address. Of course it would only last a short time until the original owner of the email address gets access via MSN support but that's enough time for them to copy or delete anything in your email files... and they could keep doing this over and over again... that's the scary part. I actually found quite a few webites ob Google that tell you how to break-in to hotmail accounts (a step by step guide)....
    now that i know this has happend, all i want to do is track this person down,tracing there computer prints. I know this can be done, there's tons of stuff out there - i just haven't found any or anyone that can recommend something.
  6. MikeNash

    MikeNash Security Expert

    Presumably, MS would have the necessary server access logs.
  7. Devinco

    Devinco Registered Member


    Welcome to Wilders.
    What I would like to know is how did MSN Support authenticate that you are you and give you access to the account?
    If it is very easy, then what is to keep the hacker from doing the same thing to contact MSN support to pretend he/she is you?

    As Mike said, all websites keep access logs. In the US, in fact, they are required by law to keep logs. These logs record the time, date, and IP address of the access. Access to these logs requires legal action of one form or another.
    Even if you gain the IP, it may be a proxy. You would then have to pursue legal means to access the proxy's logs. And once you get the actual IP of the hacker, then you need to legally obtain their ISP's records to identify the person. Then what will you due? Sue her?
    You will not likely be able to obtain this legal leverage to gain access to the logs in the first place. Even if a crime has been commited like identity theft, the law will protect them more than you.

    There will always be time for revenge later if you want waste your time with that, now is the time for damage control.

    Do you do any online banking or shopping using that hotmail email address to access those accounts?
    If yes, the hacker may be trying to gain more info about you, place online orders, and cause more trouble for you.

    First secure your hotmail account so it can't be as easily accessed.
    Make your password long and difficult.
    There is some useful password info here.
    Make the Secret Answer (not the secret question) the same as the password (or a different difficult password).

    Go to all the websites where you make financial transactions or purchases and change your password and secret answers. If they are professional, they will have gone for the money first. Protecting yourself from further damage should be a priority.
  8. prguru

    prguru Registered Member

    thanks for your response ~ MSN was able to help me out as i had to give them my IP address at home and at work that i usually and regularly log on from. Also personal information, last sites used, what folders i have in my In Box, some contact names that i have saved, sites that i've hit etc...
    yes, my priority is to secure my account - i agree and thank god, i do not use this email account for any financial transactions or credit card transactions... it is soley for communicating and MSN messenger.
    Thank you for the advice on how to "extra" protect my email account ~ it is greatly appreciated :D
  9. prguru

    prguru Registered Member

    however i must say that the reason i am concerned about this even more is that the person i believe did this is one who has been harassing me for the past 6 months via telephone, and internet emails... i had saved all forms of communication, replys and threats made in that email account. Now that all my pertinent information pertaining to this person is coincidently vanished, it is my belief that it was that person who accessed my account and removed the information that involves them. I can't imagine anyone else who would see this information useful. I have built up a long list of this harassment and already have police reports on this person.... you need to build up your evidence before they will actually do anything (Canadian rules & regs) ** this extra information about proving that "she" hacked into my email account and changed everything to suit her would only enhance my already built case file and more than likely finally lead to charges laid - but i first need to track it, find it and hand it over to the authorities. In the meantime, i've secured my email account the best way i know how and have tried to make it as difficult as possible to get in. thanks again.
  10. Devinco

    Devinco Registered Member

    MSN more than likely has backups of the hotmail server.
    Convincing MSN to recover the backup may take a little doing.
    Contact MSN Support again and clearly explain your situation about how you are going to take legal action against this person. Offer to pay for the restoration of those specific emails as well.
    If the tech is unable or unwilling, go up the ladder and ask for their supervisor.
    Always be polite, but firm about what you want. You may be able to get it without legal action.
    Every email service has different backup schedules. Some keep backups for ever, some rotate once a month.
    If the emails are important, you may want to contact a lawyer knowledgeable in stalking cases. Maybe a simple "semi-legal" document from the law firm is all it takes for MSN to cough up the emails.

    If you no longer want to contacted by this person, just create a new email account and maybe change your phone number to an unlisted one.
    Don't give the number or email to friends of the stalker, only your trusted contacts.
    If the stalker had physical access to your computer (or if you opened any email attachments from them), then you may need to consider the possibility that they put a keylogger or other tracking software (root kit) on your computer. That is another way he/she could have gotten your password.
    It depends on how creepy they are.

    Good Luck :)
  11. AvianFlux

    AvianFlux Registered Member

    If you know something about the person the email address belongs to the odds of cracking the answer to the secret question are greatly improved. ;)

    It could take eons if you're trying to crack the answer from scratch.

    IDEA! Instead of logically answering the secret question enter a generated password. For example, if the secret question is, "What's your favorite movie?" enter "&3frYHT@07x" for the answer. Let 'em try and crack that.
    Last edited: Oct 28, 2005
  12. Or he could have used technical trickery?
  13. AvianFlux

    AvianFlux Registered Member

    Yeah, I suppose there are tools like StAPH 'PassLeecher' that may help crack a password once you have an e-mail address and/or name in hand.
  14. illukka

    illukka Spyware Fighter

    it could be simplier: you may have a backdoor/RAT or a keylogger infection
    some rats have a function to get cached passwords
  15. illukka speaks the truth
  16. controler

    controler Guest

    You can unhook that computer from the net and do forensics to find out what is going on, with the help of the experts here or REFORMAT NOW!!!!!!!!
  17. Acadia

    Acadia Registered Member

    prguru, I did not read thru all of the posts in this thread (too lazy) so this may have already been mentioned by someone; the vast majority of these type of events, stealing email accounts and especially identity theft, are done by co-workers and family members, that is a statistical fact. Good luck in fixing everything, and rather than fixating on revenge (finding out who did it) take it as an excellent education for your future surfing habits, take care.

  18. GoneTil9

    GoneTil9 Registered Member

    prguru, I feel your pain.. similar thing just happened to me a few weeks ago. Fortunately there was no financial damage and I'm sure I'm ok as far as that goes. An almost family member hacked into my e-mail account and stupidly admitted it in an e-mail to me last week, after we had talked about it. She also stole a Xanga account that I had... she denies it but there are way too many things about the situation that point at her. I'm convinced she's lying about almost everything but what she says, is her "friend" gave her a software program that she runs and a real-time screen shot of my e-mail pops up. She said he hacked my password, and it was strong and totally random There is no security question in my e-mail program, but we used to live together, so unless her friend is a genius she must have found my password written down somewhere probably. Or perhaps she was smart and put a keylogger on my computer.

    My friend is the webmaster for my e-mail and on his access logs, her work's IP address logged in pretty much every day for months. Her explanation for that was the alleged software program ran in the background on her computer even when she wasn't looking at it, hence, her IP address showing up.

    This is pretty much the biggest and most ridiculous lie I've heard, but, I was wondering if anybody knows if there could be any grain of truth to this. Also, how can you check your computer for a keylogger? My computer runs virus checker once a week and I also run a spyware program every so often.

    I'm dying to call her work and tell them I'm concerned about her having information on her computer there, because I am, and also because she deserves to go down for this. But since it's a family issue it makes it soooo much more complicated.
  19. Concerned

    Concerned Guest

    Is it this easy to get Hotmail password. Did I post this twice, dont see it.If it was removed for seurity reasons please accet apology.

    No links to these type sites on Wilders please. -- Ron
  20. Concerned

    Concerned Guest

    OK sorry was only concerned if it is that easy and if people knew. I didn't. No intent to break rules
  21. ronjor

    ronjor Global Moderator

    Thank you. :)
  22. Concerned

    Concerned Guest

    You're welcome. It was a genuine error. Sorry
  23. prguru

    prguru Registered Member

    Wish we had something else in common other than this... although a high percentage of email thefts point to family member or coworkers ~ my case is not that but a person other than family who has been harassing me for the last 6 months. My hotmail account was the only account that i used to save her stupid emails which were evidence and since i see no other reason for anyone else to hack into my email account and delete those emails that pertain to her... it leads me to believe that she is the culprit.

    It is not solely about revenge as i've now taken the extra precautions to protect my PC but this extra bit of information of finding out exacting who did it and where it came from would only add to the long list of evidence and police reports i already have on this person.... i could not file charges before for all the other incidences because the police said i had to build a case.... well here's my case (hacking into my comupter and stealing my identity to read and delete my private email) Sympatico and MSN are now working together to locate the information and i was able to confirm that it cam e from another sympatico account. Its just that this is a very very long process waiting for them to find the info and i thought there might be somebody or something out there that i could use on my own to get the info and just hand it over to the police.... guess not.
    i wish u luck with your situation and i will keep you posted on mine - thanks :)
  24. prguru

    prguru Registered Member

    How do i find out if i have a so called "back door rat" or keylogger as was mentioned... gosh i've never even heard of half of the technical things mentioned in all the past replies...

    is this something i can scan for myself or if i had a spyware program? All your imput is greatly appreciated.

  25. GoneTil9

    GoneTil9 Registered Member

    Yeah... unfortunately, only hotmail will have the access logs of your account. I e-mailed Xanga about 5 or 6 times, and never got a response. I'm pissed about that but at the same time they probably have bigger problems... such as internet predators, etc. What you do need, is her IP address of the computer she would have been checking your e-mail from. If you still have e-mails from her, you have it in the headers. If not, someone said in an earlier post, you need a legal means of getting it.. maybe from her ISP if you know it; MSN/hotmail will see the IP address that accessed your account but you need a way to prove that it's her. And since you are building a case you will be able to get what you need. You probably already know all this, but just thought I'd add it anyways.

    I use a program called Ad Aware, you can get it from It's really good, it gets rid of any/all spyware on your computer, even the smallest stuff that you don't even know is getting onto your computer when you use websites with lots of ads and stuff. For the most part those smaller ones aren't dangerous, they monitor what websites you go on basically to figure out how to advertise, but they still suck and should be deleted. You should probably run Ad Aware once a week like the virus programs... you have a virus program right? I've done a little reading and apparently Ad Aware will get rid of a keylogger. Did this girl have access to your computer? Because, and others can correct me if I'm wrong, but the only way someone can use that against you is either they have physical access to your computer, or you get it through a virus or link, via instant messenger or e-mail or whatever. Have you ever opened any e-mails or clicked on any links that you weren't sure about, or didn't know who they were from? However unless this girl is a computer whiz that's probably not the case.
    One more thing, do you use a firewall?

    Good luck getting your case together. That's great that the websites are working to help you. In my case I was lucky my friend owns the site where I have my e-mail, otherwise I might never have even known she did this. The funny thing is, kind of similar to you, is that when a few weird things started happening with my personal Xanga account that indicated someone was messing with it, I was 80% sure it was this girl. And I was right, before I even had any proof of the e-mail; I actually checked the access of my e-mail as a precaution and it turned out she was abusing that worse than my Xanga account!! So yeah... go with your gut, you know it's this girl, and you're getting proof anyways.

    What I'm still trying to find out is: is the act of logging into someone else's e-mail account without authorization against any law? and if I were to file a police report or something, if anything would actually happen. Do you know?

    Most importantly I have now learned not to keep ANYTHING on record solely on e-mail. Or even on your computer, if someone else has easy access to it. From now on I'm going to print out important things and delete the emails. With me it was a bunch of very personal and private thoughts/feelings that this girl exploited, which in some ways is worse than if she had stolen my money or belongings.
Thread Status:
Not open for further replies.