Hacker News
by meowface 4187 days ago
Moonpig.com is not an application you run on your own computer, though; it's a service operated and hosted by Moonpig. Any tampering with that application in a way that's not intended is a violation of the CFAA.

As you and I have essentially both just said, it's very unlikely there would be any prosecution due to the facts and the researcher's intentions, but I think it is still a technical violation. Paraphrasing, but the first line of the CFAA is "having knowingly accessed a computer without authorization or exceeding authorized access" (that line is explicitly for access that could jeopardize national security, but it goes on to set similar limits for general unauthorized access of any entity).

In this case it is not necessarily unauthorized access of a customer's account, but unauthorized access to a component of Moonpig's system.

1 comments

That's difficult to argue given the app underlying it knowingly makes these requests.

It's arguable that he could be reverse engineering the API to make a compatible client - I think that should be legal, although IANAL.