The base legal definition of “hacking” is “unauthorized access”. Then the trick becomes establishing “unauthorized”. The reason this matters is if a website is publicly accessible, then it’s assumed to be authorized even though it’s not explicitly stated by anyone. However, you are accessing information on a computer system you do not own and were not given explicit permission to access.
Now let’s say in the HTML or JS there’s an endpoint to a backend server that’s not directly exposed via online searches or page links. And through that link you are able to expose sensitive data that’s not shown on the webpage.
Now, how is the definition of “unauthorized access” or “hacking” applied here?
Edit: yes this is splitting atoms, but that’s the world of legal definitions
Legally it’s called hacking.
https://www.law.cornell.edu/wex/hacking
The base legal definition of “hacking” is “unauthorized access”. Then the trick becomes establishing “unauthorized”. The reason this matters is if a website is publicly accessible, then it’s assumed to be authorized even though it’s not explicitly stated by anyone. However, you are accessing information on a computer system you do not own and were not given explicit permission to access.
Now let’s say in the HTML or JS there’s an endpoint to a backend server that’s not directly exposed via online searches or page links. And through that link you are able to expose sensitive data that’s not shown on the webpage.
Now, how is the definition of “unauthorized access” or “hacking” applied here?
Edit: yes this is splitting atoms, but that’s the world of legal definitions
Bro, stfu and move on. Its “hacking”.
Don’t like being wrong, eh?