Hacker News new | past | comments | ask | show | jobs | submit login

>>Legally speaking, if you find a bug and abuse it (to e.g. extract data), you're breaking the law; I know people don't want to hear it and want to protect whistleblowers, but it's factually illegal to steal data like this.

I dont think anyone is saying it was not illegal are they? but just because it is illegal does not resolve the security issue at the service provider

If I leave my home unlocked it is still illegal for you to steal my TV but you can bet my insurance company is going to give me crap (if not deny my claim out right) due to my negligence for not securing my property

>>That's what whistleblowing is all about though; purposefully breaking the law or a contract (like an NDA) to expose shit.

It can, but not always, and in the case of true whistleblowing there are laws in place that would provide an affirmative defense to otherwise illegal acts (like breaking an NDA). This is akin to self defense. Murder is always illegal but self defense is an affirmative legal defense one can use to justify their action making them "not guilty" of the law under those special circumstances. Whistle blowing as a few of these affirmative defenses as well

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact