Helping people with computers... one answer at a time.

You cannot hack an IP address, as it's fundamental to routing data on the internet. However, there are scenarios where IP addresses can appear the same.

Last week while I was using my friends laptop, he found out that his Gmail account had been breached ( according to the account activity on Gmail). I accessed my own Gmail account just before or the same time. Now it seemed like I accessed his email, which I did not. His Gmail account activity shows the same IP address as the one I used.

Is it possible that someone could have hacked in and used the same IP address to access my friends Gmail account?

In short, probably not.

IP addresses are technically not able to be hacked. They're fundamental to routing data on the internet, and as such an attempt to hack an IP address would break the hackers connection to whatever he was trying to access.

However, there are actually a couple of common reasons that accesses from two different machines might appear to be from the same IP address.

I'll look at 'em both.

Two machines can appear to have the same IP address on the internet at the same time if they happen to both be behind the same router.

"... all the machines behind the router look like they have the same IP address on the internet."

In your home, you may have a router that connects to the internet as provided by your ISP. That connection can then be shared among multiple computers.

Part of what's being shared in the IP address.

In a situation such as this, the IP address is actually assigned to the router - it then in turn assigns local area network IP addresses to each of the machines connected to it. These are usually addresses of the form 192.168.x.x which by definition cannot appear on the internet itself. Each time a machine makes a request of the internet the IP address is "translated" by the router and appears to come from the single internet IP address that was assigned to it.

In other words, all the machines behind the router look like they have the same IP address on the internet.

Two machines can appear to have the same IP address on the internet at different times if they connect via DHCP.

DHCP, for Dynamic Host Configuration Protocol, is one of the ways that ISPs re-use IP addresses when computers aren't continuously connected (and even sometimes when they are).

DHCP dates back to the days of dialup when computers were typically only connected for a short while before someone had to use the telephone again. When you connected your computer via dialup, an IP address was assigned on the spot, and when they disconnected it was released. If another computer came along and dialed up after you had disconnected there is a good possibility that they might be assigned the same IP address that you'd just been using.

Even though we're often connected for much longer, the same technology is still in use. Depending on your equipment and how you connect it's very possible that your ISP is assigning you an IP address when you first connect and releasing it some time later. Once again, if after you disconnect someone else comes along it's possible that they could be assigned that IP that you'd just been using. And much like dialup, they really don't have to be all that close to you either, they simply need to be using the same ISP.

To muddy the waters even further, you don't really even have to disconnect to have your IP address released out from underneath you and placed back into the available pool. The protocol is such that you'd be assigned a new one immediately, and you'd never notice, but I've seen it happen. The net effect is that even if you're connected continuously your IP address could change, and the one you had been using could be assigned to another machine elsewhere.

Finally, one note about your specific situation - it's possible that it could be something as simple as his having had "remember me" checked so that when you went to check your email it "touched" his and recorded your IP address before you logged in as yourself. Similarly, if you use a different browser, both accounts could have been logged in simultaneously. Finally, if he's running a tool like GTalk or the Gmail notifier, these too could have retained a persistent connection to Google and his account while you read your email.

Article C4269 - April 18, 2010 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

9 Comments
Bob
April 19, 2010 8:28 AM

Reading the full text of the question, I think something obvious has been missed. "While I was using my friend's laptop..." would indicate to me that both Gmail accounts were indeed accessed by the same machine. I don't know how Gmail works, or how the laptop is set up, but it may be as simple as the laptop automatically accessing the friend's e-mails through Outlook or something similar in the background, and the person posing the question accessing their own Gmail via the web.

Ken B
April 20, 2010 10:26 AM

"The protocol is such that you'd be assigned a new one immediately, and you'd never notice, but I've seen it happen."

It's not always "invisible" when the IP address changes. I know someone who had his business on a dynamic IP connection. The address would stay the same for days on end, until, that is, someone would try to ftp a file to his system. (My guess is that his TOS didn't allow him to run servers on his connection, unless he upgraded to the static IP service.) Within seconds of starting the ftp, his IP address would change. Which, in turn, killed any active connection, like ftp and telnet, regardless of which was the "server" and which was the "client".

Gr1mr34p3r
April 20, 2010 3:02 PM

Umm.. spoofing a WAN IP address is not a hard task these days, yet do I think someone that doesn't know how NAT'n works spoofed an IP address... Probably not.

Dan
April 20, 2010 10:54 PM

I am not getting yahoo email from my normal contacts. A few days ago on one of my yahoo accounts, i was forwarding emails to one of my other accounts, "news letters", then in that process there was a notification "your account is unusable for a period of time as it is detected as a spam account." something like that/ I am not a spammer. Another one of my friends had to open a gmail account instead of his normal isp email. Is there some radical changes eliminating email perse?
tks

Carlos Coquet
May 14, 2010 1:46 AM

Speaking of Yahoo, be EXTREMELY careful with them. I had a Yahoo account with them for THIRTEEN YEARS. However, last month I suddenly was unable to get into that account. One option offered was "Forgot password?". I took that route and after a couple of screens I got a message saying that I needed to contact customer support. I did. Two days later, I was told that my account had been cancelled for violating TOS ?!? No explanations whatsoever. I answered asking what violation I had committed. 3 days later I got a message saying they could not tell me any more and that was that. Fortunately, I had absolutely nothing valuable with them. But, if someone hacks your Yahoo account, expect ABSOLUTELY NOTHING from Yahoo !! They will be useless.


M.Bloom
September 1, 2012 12:38 PM

I believe I was hacked recently...with someone using my IP address,e-mail, and eventually my bank account to order some program on line..I have been charged and the bank resfuses to fight this since the company says my IP address came from my computer...is this possible?

Mark J
September 1, 2012 9:39 PM

@M Bloom
Does anyone have physical or remote access to your computer or to your router? In order to come from your IP the transaction would have to come from your computer or home network. This can also be the result of malware running on your machine.

Yasmin Halcrow
February 12, 2013 2:08 AM

I think your site is fabulous. Thanks for that. Good on you taking a well deserved Sabbatical, particularly in sync with your 30th wedding anniversary. Guaranteed it will help transit the next 30yrs :).
My problem: I feel sure my gmail a/c has been hacked via my WAN static email address- {ip address removed}
I have also noticed an extra User Account which disappears before I can write it down. This has happened a couple of times. Also, I'll read my gmail, then when I turn the computer on again, some mail appears in bold font as if it hadn't been read by me.
I am not super techie but get by. I'm 56 yrs, so that gives you an idea where to place me at for ability :).

Cheers,

Yasmin Halcrow (South Australia)

connie
February 12, 2013 8:23 AM

@Yasmin,
Here is Leo's article on what to do if your email is hacked. That's got a step-by-step guide in how to Email Hacked? 7 Things You Need to do NOW.

Keep in mind that Gmail is an online service, it doesn't run on your computer, just in your browser.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.