Stolen Passwords Question (Semi-Legal)

**C1R_Andy** · 01-22-2008, 03:02 PM

Question to anyone in the know...

Are those stolen password sites (that post usernames and passwords to paysites) actually breaking any laws?

On occasion I find a user/pass for our site on these lists and wonder what I can do about it beyond just deactivating the account. I thought for a second about sending a DMCA notice; but they aren't posting any physical copyrighted property, so I don't think that would work...

But since they are posting 'stolen' user accounts, which would infringe on monetary gain (for us); i would guess they are breaking a law of sorts...right?

Do you guys do anything beyond deactivating the account if you find a stolen user/pass?

**MiamiB** · 01-22-2008, 04:17 PM

Since so many of those sites are outside of the USA it is very difficult do anything against the site. We simply delete the individual username/password that is posted.

We also send an email to the member to let them know that they violated our TOS.

Lee

**Chilihost** · 01-23-2008, 07:15 AM

they are breaking the paysite's terms & conditions. But sometimes members don't even know their userid/pass is being listed - you have to realize that members are lazy and generally use the same userid/pass for all sites that they join....all the password hacker needs to do is get one .htpasswd list from a compromised server and he usually has access to loads more paysites.

That's why we force random userid/passwords on our members, and always ensure our servers are up2date & fully secured. By the way, we have been forcing random u/p on members for years and not once have we had a complaint.

**Titanmen** · 01-23-2008, 02:13 PM

http://www4.law.cornell.edu/uscode/17/1201.html

http://www.copyright.gov/title17/92chap12.html#1201

It can techincally be considered a "Circumvention of Technological Measures that Control Access to Copyrighted Works" and you can send a DMCA takedown notice.

**C1R_Andy** · 01-23-2008, 04:47 PM

Originally Posted by Titanmen

http://www4.law.cornell.edu/uscode/17/1201.html

http://www.copyright.gov/title17/92chap12.html#1201

It can techincally be considered a "Circumvention of Technological Measures that Control Access to Copyrighted Works" and you can send a DMCA takedown notice.

OMG Keith...I LOVE YOU! U ROCK DUDE!

Thanks for all the advice from everyone; I think i will be using all of the above options

**raymor** · 01-23-2008, 07:31 PM

They would also be at least an accessory to a relativerly new federal
felony, unauthorized access of a secured computer system. Not that
it matters, though - your odds of finding a district attorney who will
prosecute are pretty slim. You'd need to find a password site owner
who is located in a convenient country and who has money, then sue
him. You'd probably contact the webmasters of other sites listed to
jopin in the suit.

Thread: Stolen Passwords Question (Semi-Legal)

Thread Tools

Display

Stolen Passwords Question (Semi-Legal)

Bookmarks

Bookmarks

Posting Permissions