For what it's worth, as long as I've had a personal computer, I have always observed certain principles:

• Use a strong password whenever possible. Avoid words that can be found in a dictionary, or anything that might easily be derived from personal information, i.e. a birthdate. Try to use something mnemonic and include numbers, uppercase letters, lowercase letters and punctuation. For example r4d!03804RD
• Use an antivirus program and keep it updated (most are automatic and almost invisible these days).
• Use a spyware protection program. While I have no hesitation in recommending Spybot Search and Destroy, I am also trying out Threatfire at the moment.
• Never assume that any information you send over the internet is secure, and be alert for any indication (stable door/horse bolted?) that your information has been intercepted.

I hope you won't leave us Milly. But above all, I hope you manage to regain peace of mind.

I wasn't being alarmist Michael, quite the opposite - I wouldn't expect security here to be as good as my bank for example - purely for the reason that I wouldn't have sensitive information here, even my email address doesn't refer back to me. Hence I would not be too worried if someone were able to hack into my account. What would worry me is if they were able to do so because they'd hacked into my PC - as you say, Milly might need to look at her own security from the sound of things. Although I doubt whether anyone able to access her m/c would bother to mess around with her r3ok account in the way described, they'd be after her bank account or credit card details. It sounds to me more like a bug in the software.

To be honest Milly, it could be something as simple as someone knowing your password, or even someone using a computer that you've logged into R3OK and ticked 'remember me'.