[achairapart]

Come on, a kid was just fooling around with the developer console and probably had a curiosity just like the comment above:

> Did you try adjusting price?

And he was punished for "hacking", not for stealing, and for indirectly putting to shame who was responsible for the epic fail.

[motorest]

> Come on, a kid was just fooling around with the developer console and probably had a curiosity just like the comment above

You're failing to address the point. It is also trivial to switch price tags in supermarkets. If a kid rips off the tag of an expensive product, tacks on another price tag for pennies, and proceeds to pay the reported price at the checkout counter, is this something deemed acceptable or even classified as vulnerability research?

Make no mistake: the system was a shit show and all companies involved pulled some "sociopath mid-level manager saving his ass" moves. But the issue is nuanced.

[achairapart]

There was no personal profit. He bought a ticket he never used, just to show to people on twitter how bad the system was. He could have silently taken advantage of his discovery and travel at no cost for a long time peraphs. But no.

Sounds more like vulnerability reasearch than crime to me.

[sgarland]

IANAL, and furthermore have no idea what Hungary’s legal system is like, but mens rea is a thing. If I break a window by using it as a target for practicing my golf swing (I don’t golf; I have no idea if this is something golfers do) I am culpable. If I break a window because I’m trying to land balls next to the window, I might be culpable. Again, IANAL, so if anyone wants to correct my analogy, please do.