[Pzychotix]

Eh, that's the same type of argument that could be made for exploiting vulnerable public APIs (pass in some query that isn't sanitized, etc.). I don't know the law surrounding those types of cases, but I would hazard to guess those get prosecuted rather hard.

[kbenson]

It's a fine grained distinction, but I thin kit applies there as well, to some degree. If exploiting the API requires leveraging knowledge of the underlying systems (buffer exploit, path traversal issue, etc) that aren't generally discoverable in normal usage, than that may be hacking. If it's a matter of the user discovering through normal use that through a normal set of operations that they have access to more of the same resource they already got (more money when they get some on a regular basis, in the article), then I don't think that's hacking, I think that's learning how to use the API you were presented.

Of course, I'm presenting this aswhat I think should be, not how it is.

[rescripting]

Weev was sentenced to 3.5 years for simply downloading AT&T's data that was made available over a public (but obscure) API. So yes, seems like you'll get prosecuted pretty harshly.

[Dylan16807]

That was a privacy violation. PII is a bit of a different fish.