Taking over 60k spyware user accounts with SQL injection

(ericdaigle.ca)

228 points mtlynch | 1 comments | 03 Jul 25 14:56 UTC | HN request time: 0.209s | source

Show context

blueplanet200 ◴[08 Jul 25 16:41 UTC] No.44501690[source]▶

From sqlmap

> Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program"

I don't know the legal footing these spyware apps stand on, but this blog post seems like exhibit A if Catwatchful ever decided to sue the author, or press criminal charges. Hacking, even for reasons that seem morally justified, is still illegal.

replies(6): >>44501792 #>>44501947 #>>44502094 #>>44504388 #>>44505059 #>>44505234 #

deadbabe ◴[08 Jul 25 17:23 UTC] No.44502094[source]▶

>>44501690 #

About half of hacking articles are just fake things people claim to have done but didn’t actually happen and no one checks on it, and conveniently by the time they publish the exploit was “fixed”. So you can’t verify for yourself anyway.

Without hard proof that the author did what they said they did, you have no real case. This particular story already sounds far fetched but makes good fantasy.

replies(1): >>44502407 #

munchler ◴[08 Jul 25 17:56 UTC] No.44502407[source]▶

>>44502094 #

FWIW, this story has been verified by a reporter at TechCrunch, who says he used the dumped database to identify the spyware admin in Uruguay.

https://techcrunch.com/2025/07/02/data-breach-reveals-catwat...

replies(1): >>44504027 #

1. deadbabe ◴[08 Jul 25 20:58 UTC] No.44504027[source]▶

>>44502407 #

Doesn’t change what I said

↑