@33MHz very interesting question! imo this is not hacking--I believe there has to be intent behind it. The web server spitting out credentials like that is unexpected behaviour
@flashblu if I accidentally paste in the wrong IP address, and my database client downloads all the personal information in somebody's unsecured database, did I hack it?
@33MHz hmm. you could say that you unintentionally hacked it. i would say that you would then have some sort of responsibility of informing the owner of the server. agree/disagree?
@33MHz very interesting questions! admittedly i had not even thought specifically of legal vs moral obligations in one of my answers, but I would have to say looking back, I was thinking of having a moral obligation to inform the server owner
@33MHz intentions. The slop and incompetence of others should not cast any guilt on me unless I exploit what I come across. If you find a $20 on the sidewalk are you a thief? What about a wallet?