[dmak]

> Hacking is the act of identifying and then exploiting weaknesses in a computer system or network, usually to gain unauthorized access to personal or organizational data.

In this case, they weren't exploiting any weakness of the system thus they did not hack. Logging in is an authorized action. Who is using those credentials is another story. Clearly it is a user mistake. It's like leaking your SSN and saying people hacked your credit card.

[wongarsu]

Would phishing also not be a hack? What about all the attacks that gained entry through social engineering?

[dmak]

Social engineering is social engineering. You're hacking humans if anything, but you're not hacking a system by definition. You can social engineer people for other reasons than hacking a system.