No idea what the legal definition would actually be in a given jurisdiction, but without other facts I agree that just sounds like "poor security" or "poor password management" on the part of the person who let it get out, intentionally or otherwise. And not some kind of "active hacking attempt" when the unwanted person(s) were essentially provided with a username and password to login with. I would expect there would need to be some kind of active attempt to "trick" or social engineer the login credentials out of someone for it to have been viewed as "they maliciously obtained the login credentials." Rather than "here's my login info" having been volunteered or mismanaged.Curious Artichoke wrote: ↑Sun Jan 06, 2019 2:54 pm Not that anyone is going to waste time and money to pursue it but.... is it a crime For random member X to use an admin password they found/was given thru the grapevine to log in as an admin and fiddle around? Half the group says that case is a hacking, the other half says no thats just our tough luck.
I presume that's why many companies' security auditors require that logging into a system requires a preamble written by the lawyers of "access to this system is restricted to authorized persons only, blah, blah" before being able to login, even to just your local machine and/or network. Such that if you're not supposed to be there, you couldn't reach the login prompt without having been advised that you're not authorized to login. Even if you technically "can" login because you lifted up someone's keyboard and found their password Post-It or whatever.