It could have been an accident and I bet no one else than Admins with "Edit Users" permission can do that. HKim, can you post a screenshot of Admin logs of that day? Also, a person who originates a keylogging spyware would never play any prank. Instead they'll just take advantage of credit card Information and other personal data. This case cannot involve a keylogger.
Bookmarks