I have no idea what the law is in India, but if he got a “hacking” charge for this it would be a gross miscarriage of justice, considering he never once did anything resembling social engineering, brute forcing passwords, any sort of injection attack, or anything else that might actually be involved in hacking.
However, assuming he never tried to reach out to the company themselves first (and I saw no indication in the article that he had), this is really quite a horrible irresponsible disclosure. It’s pretty obviously a significant leak of sensitive data—both customer and business data—and giving them 90 days to fix it before alerting the public to what you found is pretty basic security ethics.
I also don’t know the laws in India, but in the US nearly every major “hacking” case for decades has been a miscarriage of justice to some degree or another.
Like Kevin Mitnick who simply figured out that a major early ISP was keeping customer payment information in plaintext on an internet-connected server.
I have no idea what the law is in India, but if he got a “hacking” charge for this it would be a gross miscarriage of justice, considering he never once did anything resembling social engineering, brute forcing passwords, any sort of injection attack, or anything else that might actually be involved in hacking.
However, assuming he never tried to reach out to the company themselves first (and I saw no indication in the article that he had), this is really quite a horrible irresponsible disclosure. It’s pretty obviously a significant leak of sensitive data—both customer and business data—and giving them 90 days to fix it before alerting the public to what you found is pretty basic security ethics.
I also don’t know the laws in India, but in the US nearly every major “hacking” case for decades has been a miscarriage of justice to some degree or another.
Like Kevin Mitnick who simply figured out that a major early ISP was keeping customer payment information in plaintext on an internet-connected server.
deleted by creator