14 DAY TRIAL // Trying to help someone fix a problem with their site these days can be quite dangerous. Not only is that someone probably not going to thank you, but you're liable to be branded a hacker as well.
Reporters for Scripps News discovered, using just Google, the records of over 170,000 people applying for a subsidized landline, under the FCC's Lifeline program, due to their low income.
The records contained names, addresses, and social security numbers, along with other info that could be used for identity theft and various other nefarious business.
The data was found on a server operated by Vcare, an Indian call center service for YourTel and TerraCom, two telecommunication companies in the US.
All of the data was openly available to anyone doing a Google search. What's more, none of the data was even supposed to be stored by the companies for this long. Needless to say, having all this data available to anyone is a serious privacy violation.
The reporters contacted the companies involved to inform them of the problem. Obviously, the two companies involved responded with an angry letter from their lawyer branding the journalists as hackers.
Not only that – because they had the Audacity to discover that the files were publicly available, the journalists alone are responsible for the breach and should be the ones held accountable.
The accusations would be – and are – ridiculous to anyone using common sense. But that's not how the US legal system works.
Andrew “weev” Auernheimer got a 41-month prison sentence for basically doing the same thing, namely grabbing documents with sensitive data that were publicly available to anyone willing to copy them.
Thankfully, this won't happen this time, but it does once again highlight the urgent need for a reform of the Computer Fraud and Abuse Act under which these issues are judged.