Dear All

My friends daughter has admitted that she has done something rather silly which she now regrets.

Basically, she works for a company where she can access her email account through a webmail. If she is logged on to the server at work under her log in details, she can access it via a web page and enter her lan user name and password to access emails. If she is at home, she can access but firtly by logging into the server remotely which then redirects to log into the webmail (I think).

She has very stupidly found out log in details for a colleagues password and has accessed this by webmail from both her work computer where she is logged onto the server and from home where again she has to log on with her password and then has logged into the webmail. She really regrets this and is worried that her employer will find out. If she has logged on to webmail through the web, can her employer see that its her logging into this as its being accessed through her password that has connected her to the server. To be clear - she is using the actual log in details that belong to her colleague.

It must be possible somehow, however she is worried that there will be some kind of report that will be produced that will show a mix match.

Any advice that you can give will be apprecited on this. I and her Mum realise she has to be accountable for her actions but she has been under emmense pressure lately and wants to put it behind her.

Look forward to your thoughts.

Yes, her connections were probably logged by any or all the servers she accessed, however unless she works for a company that makes security a priority at the highest management levels, the discrepancy will likely not be noticed unless someone happens on it while manually reviewing logs, or she had multiple failed login attempts while doing so.

It would appear she has three choices:
1. Inform company management and let the cards fall where they will.
2. Quit.
3. Do nothing and hope the breach is never noticed.

She'll have to decide how accountable she wants to be. The colleague/company IT department should be made aware their account and password are no longer secure.

Yes, it can be found very easy, if they put computer security at a high level, the report will trigger some red flags real fast. That will just have to see.

They may say something, or may put a closer look on her computer activity.

Most companies would consider this a very serious violation.

When she went there, what did she do ?

Thanks for these comments.

I have asked and she actually did nothing, viewed the inbox, deleted files. She said that the inbox had hardly any emails in it, she didn't send, delete etc... just looked!

That's not the point. The fact that she accessed the mail box without permission is sufficient to get her fired. As noted, any access to the corporate network and e-mails is logged. How long those logs are kept and how well they are scrutinized varies from company to company.

Thanks ScottGem - I realise its not the point and agree. I was just responding to FR_Chucks question when asked what did she do.