by pseudolus 1491 days ago
Re: steps 2 and 3, they could (and I would emphasize that I'm not a domain specialist) be perceived as being criminal in nature - obviously depending on the jurisdiction(s) involved. With respect to IT, history has shown that the road to a prison cell is paved with good intentions. You might be expecting gratitude but there's a good chance you'll come up against a 'shoot the messenger' mentality.

Here's some quick US-related info:

https://www.thefederalcriminalattorneys.com/federal-computer....

Step 3 is definitely, and understandably so, not a very legal thing to do; however, I'm not sure about simply sending off emails? The person in question did not do anything illegal to gain access to this database in the first place, it is wide open.

They are not realistically expecting gratitude, they are simply not willing to ignore this risk to other humans.

It doesn't matter if the front door of a house is locked or not. If you go in, you're going to be charged with at least attempted burglary if no one is home, and attempted robbery if someone is home. It's still trespassing, and you'll have a very hard time convincing anyone that you were there simply to observe if you're caught.

The database being wide open has nothing to do with anything, really, except the severity of it all. If you use that information for any purpose you are probably in violation of one or more laws, depending on where you and the data are.

Fair enough. I don't think they are planning to use any information.
Whether you did or didn't do something criminal to gain access to the emails would likely be determined by the mood of the prosecutor on a particular day or, worse, by a judge or jury. Perhaps the most advisable course would be to contact your local bar association for a referral or the EFF.
They are not based in the United States, but I think you are right regardless and they will call an attorney tomorrow.
You do not need to be based in the U.S. in order to be prosecuted for a crime against the U.S.

https://en.wikipedia.org/wiki/Personal_jurisdiction_over_int...

Not being based in the US doesn't mean that you can't be criminally prosecuted in the US or, for that matter, any jurisdiction that takes an interest and has a generous belief in the extra-territorial applicability of its laws.
Just document the fuck out of everything you did, dude, no matter what you chose to do.
Trust me, they are.
Do NOT nuke it.