A German court has charged a programmer investigating an IT problem with hacking and fined them €3,000 ($3,265) for what it deemed was unauthorized access to external computer systems and spying on data.
It looks like the charges are from using the credentials they found, not just for finding them. It’s definitely a crap charge because logging into the DB exposed the wider issue of being able to access other customers’ records.
Well, if that isn’t a great way to ensure nobody comes forward when they find major vulnerabilities, idk what is.
Hope he wins the appeal.
The only thing I see they did wrong was to disclose the vulnerability before waiting for a comment from the software company.