‘First time we have detected a crime using this method,’ cops say Spanish police arrested a hacker who allegedly manipulated a hotel booking website, allowing him to pay one cent for luxury hotel stays. He also raided the mini-bars and didn’t settle some of those tabs, police say.…
Define, “hacked.” I ask because there’s degrees to this sort of thing.
Example 1: Hacker finds SQL injection vulnerability and uses it to change his bill after booking.
Example 2: “Hacker” changes the HTML form that submits his booking by changing a read-only value to read-write and adjusts the price to $1.
The first one is actual hacking. The second? Come on! In that case the hotel accepted the booking with the reduced price. That’s not really hacking, that’s just a comedy of errors in judgement on behalf of the hotel.
The second example is like changing the price tag on something in a store to $0.01 and then having the clerk look at it and say, “well, that seems low but the price that says one cent, so…” 🤷
Your example 2 is just describing improper input validation/bad logic. Which… Is still hacking. It’s just a different category of vulnerability and difficulty (though slamming a SQL inject in every input field you can’t find isn’t the most complex either).
Example 3: guy finds admin panel with default password - still hacking Example 4: guy finds improperly secured admin endpoints in booking software - also hacking Example 5: booking server wasn’t updated in 2 years and hacker uses a PoC exploit he pulled from somewhere to hack it - yup also hacking Etc
All those are wildly different ways of achieving the end result but they all share two things: 1. They’re hacking 2. They’re illegal to use for anything other than responsible disclosure
Keep vibe coding, kids.
And if I’m ever on this guy’s jury, the evidence doesn’t sound compelling, to me. Sounds like a misunderstanding.
