Shaun Tan reports on AsiaOne that a 20-year old student in Singapore decided to “help” those whose email addresses and passwords had been exposed by LulzSec dumping the database from 55 porn sites.
Rather than just emailing those individuals to warn them, however, he decided to take matters into his own hands to change their passwords – for their own good, presumably:
To protect the data of the affected users, he tried to log into their accounts and change their passwords.
That was to prevent cybercriminals from accessing the accounts to wreak mischief.
But he realised that most of the account passwords had already been altered, except for five, which he proceeded to change.
Christopher then waited for the furore and other hacking activities following LulzSec’s breach to “die down” in July, before changing the passwords to the five accounts back to their original ones.
This was done in the hope that the victims of the attack would be able to access their accounts. “Nobody deserves to have their private information put out on the Internet like that,” he said.
Had he done that here in the U.S., he could be prosecuted for unauthorized access and interference with a protected system.
Despite what may have been his very good intentions, this was a dumb – and bad – move. I hope he finds legal ways to help people.