RussellHltn wrote: What evidence is there that someone has actually created the old LUWS account? From what I gather, the evidence is only that in the creation of a new account for a member, it has been discovered that there's an existing one.
The e-mail address registered for the LUWS Account was that of another individual known by the ward member. We are quite certain that we know the identity of the impostor.
The discovery that the account had been hijacked was not through the process of creating a new account. It was made by asking the member about ward website access and use. The member was completely unaware that this account existed. There was convincing evidence that the member did not create this account.
RussellHltn wrote:Is there any evidence that it's been used? Do you know the identify of the user? I would not rule out the member had forgotten that they created the account in the past.
Besides the fact that the account is tied to an active e-mail account, and the fact that ward e-mails have been sent to the impostor's account for some time, there is no evidence that the LUWS has been accessed by the impostor. The impostor knew the e-mails were coming for my ward and made no effort to reply and to let me know that the e-mails were being sent incorrectly. While this is not active use, it is definitely passive use.
There is no logging mechanism (that I am aware of) where website Administrators can know who is accessing the ward website. I would dearly like to see website access and use logs. Access logs could help in a lot of ways, from knowing where to focus and improve communication to enlisting the help of those who are most involved with the website. And, obviously, they could answer questions like the one in this thread.