reply to dynodb
Re: Blaming the victim I have to agree. The idea that AT&T deserved...... goes right along with it is probably okay to go into my home thru an open door and help yourself because I left the door open.
Except ATT's site is public, and nothing was stolen. So it's more like walking into a store whose door is unlocked and being arrested because the store is "closed".
Yes, I believe that it is called trespassing in your example. Are you sure that the site the hacker was hacking was a public site. By your definition, nothing was stolen, just a little over 100,000 email addresses.
Just hacker scum trying alibi their activities. No sympathy for them at all.
reply to Austinloop
What AT&T deserves is to lose customers/be fined for such a poor job of securing personal data (an actual legal requirement)
That however does not excuse this pairs actions, discovering the hole wasn't nessesarily illegal but continously exploiting it beyond a basic "can I reproduce it?" might be, and discussing and eventually trying to crash the stock definately is.
Not promptly disclosing it to the company once they understood of it's importance removes any chance of being classifed a Researcher and the long delay, and eventually disclosure method bring Hacking with criminal Intent into play.