Great Way to Start the Morning....

[jledou]

First step is to log into his account (if he can and reset the PW) make it something hard and I mean hard. Something like jwidl&sj24kem (you get the point). He may not like it but try it and write the password down.

if he can't log in then get in touch with AT&T and they maybe be able to reset the pw and recover control of the account.

My hotmail was hijacked twice ... the third time the pw was similar to above and remains so today ... no problems for a while now.

[markem]

I agree that all that has happened is that a password was compromised. If he had any personal information in email archives in that account, etc, well, then he may be well and truly screwed.

I agree with the idea of making the password hard and that it is okay to write it down, especially if he pretty much only uses it from home - although sticking it in your wallet behind your drivers license (or similar) is fine as well.

Don't rely on the originating IP. IP injection and email injection are trivial to do. If I was doing something like this, I'd use a Nigerian IP address just to give a nod to those who figured it out.

The important thing to figure out is how the password was compromised. Was it just a brute force attack and he was using a weak password or perhaps his computer was infected with malware and his data was harvested from there or maybe he was foolish enough to use a public use computer that wasn't secure or ... You get the idea.

Oh well, back to prepping the course I am teaching next term. A grad CS course in secure programming...

quick edit: here is an acceptable set of hints for creating passwords. Don't give much credence to the first section "Tips" but the next two sections are really good. Mnemonic devices are your friend!
http://www.cs.umd.edu/faq/Passwords.shtml