How did someone else's name get in my hotmail acct?
December 29, 2005 5:44 PM Subscribe
When I opened up hotmail today someone else's email address was in the saved user name spot, how is this possible?
The name of the email was neither mine or my wife's and it had a rude connotation. The laptop I use was previously used at my work but both my wife and I have been the only users for the past month or so and it always brings up the last email address used, but this time it was someone elses. I used an encrypted wireless connection and have no idea how this happened. Is there any cookies I can look for that store this information?
The name of the email was neither mine or my wife's and it had a rude connotation. The laptop I use was previously used at my work but both my wife and I have been the only users for the past month or so and it always brings up the last email address used, but this time it was someone elses. I used an encrypted wireless connection and have no idea how this happened. Is there any cookies I can look for that store this information?
Response by poster: The browser I was using was firefox 1, I did have a look at the cookies and only found the msn.passport one for myself.
posted by phirleh at 5:51 PM on December 29, 2005
posted by phirleh at 5:51 PM on December 29, 2005
I've had this happen before, rarely, and always on a computer that was on DHCP of some flavor or another. My guess is that you might have acquired a new IP address - possibly from your ISP renewing your DHCP lease - and hotmail remembered the last person who accessed from your IP, who turned out to be someone other than you.
If the above didn't make any sense, the summary is: technical causes, not a security hole, don't worry about it further.
posted by ikkyu2 at 5:55 PM on December 29, 2005
If the above didn't make any sense, the summary is: technical causes, not a security hole, don't worry about it further.
posted by ikkyu2 at 5:55 PM on December 29, 2005
also this is definitely a your-computer issue, nothing to do with the network or the server or anything. it's your browser specifically that remembers these things.
I beg to differ. It could be a cookie issue, and it could be a cache issue. And if it's a cache issue, it could be a cache on your browser, or it could be on your local proxy, or it could be on an akamai edge server, or it could be at the hotmail origin server.
Now, it doesn't seem likely that any of those things are the case, but then, this sounds like a pretty strange situation to begin with. You may have caught hotmail or some other entity between you at a particular moment when they were having a cache problem. If so, there's really nothing you can do about it except refresh until it goes away, and complain.
posted by bingo at 6:01 PM on December 29, 2005
I would guess an overly agressive proxy caching system on your local network somewhere.
It's got to be either that or somebody has access to your machine.
posted by willnot at 6:16 PM on December 29, 2005
It's got to be either that or somebody has access to your machine.
posted by willnot at 6:16 PM on December 29, 2005
I guess hotmail is a bit different because it aims to have a fairly secure login...but I'll just say that someone else at my university, in a completely different building, turned on their computer one day, hit metafilter, and found themselves logged in as me! We worked out it was probably an issue with the proxy server everyone here shares, which is disconcerting, but it seems most likely to be a similar situation for you.
posted by Jimbob at 6:58 PM on December 29, 2005
posted by Jimbob at 6:58 PM on December 29, 2005
Yeah, I think it's a proxy caching thing too. I've also known someone who opened Metafilter and ended up logged in as me. Thank goodness it was a friend who didn't use the power for evil. This happens occasionally with other sites too, so it's not out of the question that it could happen with Hotmail. At least with Hotmail, only the username is cached, not the password - so in the worst case someone would know your e-mail address.
posted by rhiannon at 9:52 PM on December 29, 2005
posted by rhiannon at 9:52 PM on December 29, 2005
Soma is the most correct here. This is a "your computer only" issue. Passport (the login process Hotmail uses) does not remember anything about you or your IP on the server side - this data is only stored in the cookie on your computer.
If you checked your cookies AFTER you successfully logged in as you, then any other cookie that might have been referenced when you first opened to the Passport page (that's what it is, not really a Hotmail page at all) would have been deleted already, so you would not have found it.
The Passport cookie would also have been set by MSN Messenger, if you let somebody else log in on your computer.
Was this login any different than your previous logins, as in: were you using a different user account on your laptop? A different user profile in Firefox? Etc?
posted by Dunwitty at 10:24 PM on December 29, 2005
If you checked your cookies AFTER you successfully logged in as you, then any other cookie that might have been referenced when you first opened to the Passport page (that's what it is, not really a Hotmail page at all) would have been deleted already, so you would not have found it.
The Passport cookie would also have been set by MSN Messenger, if you let somebody else log in on your computer.
Was this login any different than your previous logins, as in: were you using a different user account on your laptop? A different user profile in Firefox? Etc?
posted by Dunwitty at 10:24 PM on December 29, 2005
Could this person have used your computer to quickly check their email and accidentally saved their username as the default?
posted by xammerboy at 7:25 AM on December 30, 2005
posted by xammerboy at 7:25 AM on December 30, 2005
Soma is the most correct here. This is a "your computer only" issue. Passport (the login process Hotmail uses) does not remember anything about you or your IP on the server side - this data is only stored in the cookie on your computer.
That doesn't mean that it is not a caching issue. There are a lot of machines between the user and hotmail, and while they aren't supposed to remember anything about you in this type of situation, it is possible that they could.
posted by bingo at 9:35 AM on December 30, 2005
That doesn't mean that it is not a caching issue. There are a lot of machines between the user and hotmail, and while they aren't supposed to remember anything about you in this type of situation, it is possible that they could.
posted by bingo at 9:35 AM on December 30, 2005
You're all wrong, it's not a proxy issue, or even a cookie issue, the username is saved by Firefox. Its password manager, to be specific. Soma was right, "this is definitely a your-computer issue".
posted by exhilaration at 9:39 AM on January 2, 2006
posted by exhilaration at 9:39 AM on January 2, 2006
Response by poster: I did a search on my entire computer for the email address and I found it in another user's cookie (which hadn't been used for a few weeks). I had the computer at home when it happened so it couldn't have been someone else who logged in. So I think it is a cookie issue, I'm just not sure how his cookie was accessed in my login (you got your peanut butter in my chocolate!).
posted by phirleh at 8:00 PM on January 2, 2006
posted by phirleh at 8:00 PM on January 2, 2006
exhiliration, that's not necessarily true.
phirleh said "someone else's email address was in the saved user name spot".
When the Passport page comes up, if the username is "hardcoded" - ie, appears in the HTML text, not editable, as opposed to editable in an edit control - then it has been read from the user cookie. This is what occurs in Passport if you click the "Remember email name" check box. And from my reading of phirleh's post, that is what is occuring.
If the name appears in the edit control, then it has been placed there by the Password manager, yes.
Judging from phirleh's follow up about finding the name in another user's cookie, then my original comment is, in fact, what occured.
posted by Dunwitty at 11:11 AM on January 3, 2006
phirleh said "someone else's email address was in the saved user name spot".
When the Passport page comes up, if the username is "hardcoded" - ie, appears in the HTML text, not editable, as opposed to editable in an edit control - then it has been read from the user cookie. This is what occurs in Passport if you click the "Remember email name" check box. And from my reading of phirleh's post, that is what is occuring.
If the name appears in the edit control, then it has been placed there by the Password manager, yes.
Judging from phirleh's follow up about finding the name in another user's cookie, then my original comment is, in fact, what occured.
posted by Dunwitty at 11:11 AM on January 3, 2006
...and that other user's cookie could have ended up on his computer because of a proxy caching issue, supporting my comment.
posted by bingo at 6:07 PM on January 5, 2006
posted by bingo at 6:07 PM on January 5, 2006
This thread is closed to new comments.
also this is definitely a your-computer issue, nothing to do with the network or the server or anything. it's your browser specifically that remembers these things.
posted by soma lkzx at 5:48 PM on December 29, 2005