I am assuming you are using MS SQL Server. There are two things that may be of assistance to you.
1) If you have security auditing turned on, you can view the logs to see when users logged in successfully or failed to login. Viewing this may give you clues as to when this happened or what account may have been used.
2) For future monitoring, if you believe there is a risk of this happening again, you can run a trace in SQL Profiler. You can capture all sorts of information using Profiler, including user name, host name, query text, reads, writes, cpu usage, etc.
I wish there were a more complete solution for tracing these sorts of things out of the box, but these are decent tools.