[jellicle]

If criminal law isn't capable of handling a hacker who hacked 1.5 million victims, criminal law is broken.

(If Facebook changed its name to Lulzsec2.0 of course the FBI would be very interested in the situation.)

And while the previous commenter quoted the part of the CFAA that mentions fraud, fraud isn't necessary to violate the CFAA. All you need to do is exceed authorized access to any internet-connected computer. Is there any doubt that Facebook has admitted to doing that?

[dsfyu404ed]

It's not hacking. It's social engineering. It's no different than some smooth talking "Nigerian" getting your grandmother to cut a check. No systems were hacked here, no technical errors or design loopholes were exploited. People were persuaded into doing things that gave Facebook the access it needed to obtain the contact info.

[jellicle]

You are making a distinction that the criminal justice system does not make.

[dsfyu404ed]

There's no law that makes "hacking" a criminal offense. This particular case is just manipulation/social engineering so you probably shouldn't be calling it "hacking" on a message board that's mostly populated by software professionals to whom "hacking" has a meaning that does not include what is basically a con-man trick (though I see you have already edited the parent comment to reflect this).

[jellicle]

We were literally just discussing the law that makes hacking a criminal offense. The Computer Fraud and Abuse Act makes it a federal offense; most if not all states also make it a state crime; most if not all other countries also make it a crime in their jurisdictions.

And yes, tricking someone into giving up their password is hacking (as any hacker will tell you), and it is a crime to use that password to swipe someone's contact database.

I'm not sure I can continue this thread with you because it seems you are very confused. I have also not edited any comments here.