[aleph_minus_one]

> Since this is hackernews, graffiti "vandalism" is still a good example. The only protection of public facing walls is law enforcement, which is spotty. Private property such as trains may employ fences and security, which can be circumvented. Train stations and trains in service have to open anyhow. Terms of Service may explicitly forbid pollution, defacement, however you want to call it (this holds by analogy if you leave logs on the server, my point being, as it were, that security is a process).

Grafitti satisfy the criterion of Sachbeschädigung (criminal property damage). Nothing (except some reputation) was damaged by the "hacking" involved here.

[hnbad]

Well, depending on what kind of data was stored in the database he accessed, this may constitute a data breach according to privacy law in which the vendor also needed to assess whether the incident needs to be reported to its data subjects (i.e. all customers in the same database). Those could then possibly sue for damages.

Of course if that's the case the vendor would have to be found to be in violation of privacy laws by not using state of the art protections (e.g. not shipping plaintext passwords, not using the same database/credentials for data from different customers) and might be fined for that separately.