I bought a site on Flippa about 4 months ago. The person I bought it from was the second owner. Yesterday, the original owner (not the person I bought it from) just emailed MY customer list to tell them about a competing site that he has created. Legally, he has the right to create a competing site because I did not have a non-compete clause. Here's where it gets really dirty. The list of customers includes me and my wife. The only way he would have our email addresses is if he logged into our admin area and looked at customers recently, since our email addresses are in the customer list from when we did test orders to test new credit card service. I will take full blame for not being more careful about changing all the passwords and removing old admin accounts when I bought this site. I'm an idiot, and I'm fixing that now. But for him to break into my site and take customer names seems analogous to breaking and entering, and therefore illegal. Does anyone know the law here, and what is the best step to take (if anything)? What a dirt bag.
check your access logs. You may be able to tie him to the IP he uses. It's theft, and also a Federal offence to violate your computer in this way.
Definitely illegal, and more importantly, a crappy thing to do. I would suggest contacting your web host immediately to have them preserve your site access logs, as well as all server logs for that day. If you pursue this legally, they will be needed.
To prosecute, you would have to prove that he no longer has the right to login. If you bought it, then he shouldn't but I can't be sre without seeing you contract. Consult a lawyer.
My take on this, is that it's probably the original owner. You should have changed the passwords, no excuses. As contentboss suggested, try to find the IP. I doubt he'll be using his IP, but a VPN or Proxy. Nevertheless, trying don't hurt.
Daisy, pm me. I'm an attorney and may be able to refer you to someone. I'm currently representing a client in a similar situation.
other then days wasting time thinking about this...What do you hope to gain..If you hired me as your atty, I am going to ask what is in it for me? even if you did you wrong, which you have to prove, there is nothing here for you to gain, even if charges are brought against him, he will plea bargin down to nothing, life goes on... now if he got on, and took $100,000 then that would be another story... It will just cost you money on a atty, to get what, nothing...attorneys are not in it for nothing... they are in it for money, not pennies on the dollar.. I even talked to a few atty about a park that provided me with misrepresentation... they said so?
Contact him and ask for an explanation, and maybe some kind of compensation. Fix your site so he can't break and enter any more. As for legal action, it is unnecessary unless you have much to gain.
What the former owner did is almost certainly illegal, but the odds that you will find a prosecutor to bring a criminal action against him is close to zero. You can bring a lawsuit on your own (a civil suit, not a criminal action) but that is only worthwhile if you can prove economic damages. That is also likely to be difficult, if not impossible. The best thing is to learn your lesson, and by this post, share your lesson with others.
As someone above said, if you have significant amount involved then you should probably hire an attorney.
This is a tricky situation. My first instinct would be to send a follow up email to your customers warning them to avoid that site because the owner is involved in illegal activity, hacking into your server. Yes, using an old password is still considered a tresspass in the US. That siad, you will probably take a PR hit if you acknowledge a security weakness that exposed their accounts to an outsider. Theres also the legal issues involved of accusing someone of fraud, especially if there's another explanation for what occurred. ie You sent an email to your clients with a CC instead of a BCC so their email addresses were exposed. Another tactic would be to search the logs and find evidence of him accessing your site. You can then file a complaint with ic3.gov and then forward the report to his hosting company. There's a good chance his host will disable the account for suspected illegal activity. It's a small victory considering how easy it is to transfers hosts, but it can be satisfying none the less to see an "account disabled" message while it takes a few days for his new dns to propogate. ;-)
I'm confused, did he have an account that you forgot to remove admin permissions from, or is there a single admin account and you didn't change the password? If It's the first, by not removing his permissions you granted him access, and I don't think this could be viewed as hacking or illegal... Now if he accessed a shared admin account because you didn't change the password, this could get sticky. Honestly you're best off to just admit it was your mistake and learn from it. We all have crappy things happen to us, no need to pull out the sue button every time eh
Really, so if I do not change the locks on my house the former owners can just let themselves in and help themselves to my stuff? C'mon man, this is not even a close call. Nobody but the current owner or people he authorizes has right to be on his server - period. There is no "but he didn't change the password" exception that allows you to continue to access a server you do not own.
What a load of crap. If he (previous owner) sold, or even just gave away the site to someone he then relinquished all access rights to the site, unless there was an agreement that he stay on as an admin. If that is not the case he is guilty of illegally accessing the site.
Well I'm sorry you think my thoughts are a load of crap then, but they are just my thoughts and you're free to have your own as well. I'm not attempting to justify what he did he, clearly it was wrong. I was just taking it from the other side and making a debate for that. As for what browntwn said with the locks and the doors, are the police going to be very helpful to you if you told them that story? Yeah, they probably won't be. The action was wrong, but changing passwords is a must. There's a lesson to be learned here, so let's learn it and move on.
I guess it was your own mistake which you are facing now in shape of viral marketing form! You must contact to the person from which you bought the site because any how he is also responsible for this offense..