Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Is It Really That Easy to Get Someone’s Password?

We'll look at some ways that someone else could access your account -- or at least look like they have.
Extracting a Password
Extracting a password.
Question: It appears that someone has figured out the password to my account and has logged in and sent e-mails from the account as well. I have two questions: First, is there any possible way to track down the person who is doing this (mind you, they did not change my password)? Is it really that easy to obtain someone’s password on a site like this? I do not use a public computer and change my password regularly.

There are a couple of possibilities.

Yes, it’s possible you got hacked, but it’s also possible that you didn’t.

As for tracking down the perpetrator, the news isn’t good.

Become a Patron of Ask Leo! and go ad-free!


Getting someone's password

It might seem like a common occurrence, but in reality, getting someone’s password is difficult unless they’re lax about their own security. Make sure you’re doing all the right things to keep yourself secure.

Email doesn’t imply a hack

If you’re basing this question solely on the email sent from your email address, then it’s very possible — even likely — that you weren’t hacked.

It’s more likely that someone is impersonating you. While that sounds dire, it really isn’t. All it means is that they’re sending email that looks like it came from your email address, and nothing more. It’s quite common. See Someone’s Sending From My Email address! How Do I Ttop Them?! for more information.

If this is the case, then the key takeaways are:

  • It’s not your fault.
  • You didn’t get hacked.
  • No one knows your password.
  • There’s nothing you can do.

Simply having an email address is enough for this to happen to you.

Getting someone’s password

No, it’s not that easy to get someone’s password, and certainly not from the site you mentioned.

There are two all-too-common scenarios, though, where people make it easier than it should be.

Password re-use. Using the same password on more than one site puts all those sites at the mercy of the site that has the worst security. If one site gets hacked or otherwise compromised and your password is exposed, then your accounts at all the other sites are immediately at risk of compromise.

Phishing. If you fall for a phishing attack (which often involves getting you to try to sign-in to a look-alike site with your username and password), you’ll have given your password to a hacker.

There are other, less common scenarios as well, such as malware on your machine. Internet Safety: 7 Steps to Staying Safe Online is a good place to start to keep yourself safe.

Tracking down the offender

It’s nearly impossible for us mere mortals to track down the culprit.

If it’s just random From-spoofing spam, there’s almost nothing that can be done.

If it’s an actual compromise of the service you’re using, then it really depends on how the service operates. It’s possible they could track it down, but by that I mean only that the technology might support it. Whether or not the service keeps that information or even uses it is unknown. Even if they do, they are probably not willing to simply hand it out for claims like this.

More often than not, privacy concerns might require that laws have been broken and that law enforcement get involved. It’s not uncommon for a court order to be required to get the information from the service.

In other words: don’t get your hopes up.

Do this

While it’s not that easy to randomly compromise a password, it’s not impossible. That means it’s on you to stay safe. Continue to use best practices to keep your passwords, accounts, and your entire online presence as safe as possible.

And if you see spam that looks like it came from you, don’t assume a hack. It’s much more likely to be run-of-the-mill (though annoying) spam.

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Podcast audio


4 comments on “Is It Really That Easy to Get Someone’s Password?”

  1. Most websites will offer you a technical support address that you can send these types of queries too.

    I’d suggest changing your password. Try using a combination of upper/lower case characters, numbers and symbols. for example:
    instead of “password”

    MySpace is a fairly secure site so though its not likely that it was hacked i’d change your password just in case.

  2. hi, i asked you is it possible to hack my old runescape account back an u didnt reply. anyway how long does it take to be able to read and program python??????


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.