3

I'm wondering if it is legal to use a copy of a leaked database like the leaked Adobe database containing email addresses, encrypted passwords and password hints.

I can imagine it won't be legal to use such data for illegal activities like sending spam or trying to login in other services with that credentials. But, what if it's for informational purposes?

In other words: Can I save and index any leaked database that is published on the internet? And let users search inside it to check if their info was leaked?

One example of a site that is already doing this is: https://haveibeenpwned.com

Peter David Carter
  • 105
  • 6
Bob Ortiz
  • 249
  • 2
  • 10

1 Answers1

1

There are laws prohibiting breaking into computer systems, or committing fraud with a computer, but as far as I can tell, no law prohibiting the simple possession of illegally-obtained data (though possession of such data could under some circumstances be used as evidence of complicity in the crime, so I assume that can be ruled out). The prohibited act here is unauthorized access, so if B steals from A and posts on a web page, C downloading a copy does not constitute unauthorized access to A's computer. Regardless of the chain of computer hosts, a document created by A may be protected by copyright law, so downloading a copy could be illegal. However, I am skeptical that an automatically created database could be argued to have any degree of creative expression, see Feist v. Rural Telephone Service.

user6726
  • 214,947
  • 11
  • 343
  • 576