How can a Windows 7 user account be hacked?



Last week I had some serious problems with my PC, so I asked the shop from which I bought it to have it fixed. Today I got it back, and noticed two strange things:

  1. I have two user accounts. When I wanted to get into mine, I wasn't asked for a password (and I did have a password for it)
  2. Windows has notified me my license wasn't legal. And indeed, the license key was not the one I have been using (which is legal)

I called the shop, and they said they use their own hard drive when checking hardware problems, in order not to cause any loss of data for the customer. Since my system has indeed become extremely unstable prior to the fix, I assumed the problems were caused when I still had the PC.

Now, I've just noticed there's an unfamiliar folder on my desktop, with some hardware testing tools. The folder was created yesterday, before I got the PC back, but the files owner was my user... Sadly, I've already cleared the event logs, so I have no further proofs, but it seems to me the technicians have somehow reset my user's password, and have used it to log in.

I'm not interested in becoming a hacker, and I don't need the details. Just wondering if this is possible. Should I be extremely angry, or am I missing something?

(FWIW, they told me they've replaced my 4GB G.Skill RAM and AMD Phenom 945 CPU. God knows how those two would break while the motherboard survives. OS is Win7 x64)


Posted 2010-11-16T19:28:06.373

Reputation: 1 193

6If someone has physical access to your machine they can do anything they want to it, resetting passwords is trivial. Calling them a hacker or getting mad is kinda silly. If you are worried about your data, don't give your computer to someone else to fix, and/or use full-disk-encryption like Truecrypt, so they cannot possibly access anything. – Zoredache – 2010-11-16T20:11:30.453

4Windows Passwords are like locks on your front door; they keep honest people out. – Chris S – 2010-11-16T20:24:58.697

This isn't something to get upset about they needed access to your account so they could fix it for you. As Randolph said below when you change hardware like the CPU you have to call Windows and have them re-verify your account. – 에이바 – 2010-11-17T20:01:19.907



My two cents:

at the repair shop they cracked your password with a tool (ERD commander, MiniPE or any kind of similar software) just to test if the pc was ok. In third world countries like mine (Italy :P) it's VERY common. Of course you could try a serious antivirus and antispyware software (in the free as in beer world I'd suggest Malwarebytes Antimalware and Super Antispyware) to be sure you didn't get any other guest. Just to live with a better smile maybe a format is not a bad idea: everytime you format your pc you make it a little better and learn a little more! If I can suggest also a wonderful tool to install easily all the "basic stuff":

Have fun and next time you'll be there just keep your hd @ home :)


Posted 2010-11-16T19:28:06.373

Reputation: 1 766

I guess sharing the Mediterranean means we have to share some common annoying behavior... Thanks for the tips, and indeed - next time the HD will stay at home. – eran – 2010-11-20T21:30:46.753

You're welcome, my friend :) – Pitto – 2010-11-21T19:42:35.483


I work in a tech shop. If we can't get hold of a customer to find out their password, we reset it to a blank one so we can work on the machine. So in your case, this is normal.

We also copy files to a hard drive to do general diagnostics, but we delete them afterwards. Again, in your case, it's normal but they got sloppy.

RAM and CPU can be damaged by power spikes and leave the motherboard alone. It's not common, and is very difficult to diagnose, but it's theoretically possible.

In any event, your Windows activation kicked in because of the new CPU, so phone in the number with your existing key and you should be good to go. It's automated and takes five minutes or less.

I hope this helps.


Posted 2010-11-16T19:28:06.373


What annoys me is that I got the machine from them without an OS, and so they had no reason to try to fix it. When I called them, they insisted they never use the user's hard drive, but rather connect one of their own. They never said anything about trying to reach me. I can imagine someone was trying to shortcut his way toward solving the problem, but I'm still annoyed they tried to hide it from me. And, BTW, the OS had a different serial for some reason. When I re-entered mine, it worked just fine. – eran – 2010-11-20T21:17:50.587

1Like I said, these guys got sloppy. – None – 2010-11-20T22:07:21.057


There are alot of tools you can install on a USB drive or cd and boot to in order reset a user password. I'm not going to give examples here, but a quick Google search will yield plenty of results. Most system admins keep these tools on hand.


Posted 2010-11-16T19:28:06.373

Reputation: 8 643


Just wondering if this is possible

Yes. It's trivial to reset Windows password.

Should I be extremely angry, or am I missing something?

What would you be angry about ?

Sathyajith Bhat

Posted 2010-11-16T19:28:06.373

Reputation: 58 436

1It's a matter of trust. Why would having to fix my hardware give them the right to break my password? The OS installation was mine, they only had to take care of the hardware. If having the PC at their lab allows them to do anything they like, why stop at the OS? Can they go into private stuff, just to see "everything works"? Call me naive, but if someone trusts me with his private stuff, the last thing I'd do would be looking in that private stuff. With the access system people have to other people's stuff, they must be trustworthy. – eran – 2010-11-20T21:27:16.490

Erm - the bit you are missing is 'they can'. Why assume someone else is as ethical as you? Some tech outfits actually look for evidence of illegal activity; I have seen evidence of ones who look for anything juicy (private pics etc) - and although most will be perfectly well behaved, don't leave it to chance! – Rory Alsop – 2010-12-08T23:27:44.003