A number of 'hackers' recently in the news did their 'hacking' via web browsers -- just like you. It could likely be successfully argued by a prosecutor that you intentionally stole this credit card data. Yes, I know it was a via clickable link and the site was ridiculously unsecured, but that probably wouldn't make a difference to a court.
How is 'hacking' defined where you are? In Australia (at least in NSW), and some other places, an access control mechanism of some description has to be circumvented for it to be an offence.
In Canada, anyone who "fraudulently and without colour of right obtains, directly or indirectly, any computer service" is guilty of Unauthorized Use of a Computer -- note 'computer service' includes computer service 'data processing and the storage or retrieval of data'. It definitely wouldn't be a stretch to say that accessing a server-held record of previous orders was without colour of right.
Additionally, any number of fraud / mischief offences may be applied to computer-related charges.
I believe the US laws are similar.
Cheers,
Cael
---
See PART IX: OFFENCES AGAINST RIGHTS OF PROPERTY -- 342.1: Unauthorized Use of Computer
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
