Breadcrumb
Navigation Menu
Unlawful access to an information system
Unlawful access to an information system
Unlawful access to an information system is when someone logs in to another person's user account or device without permission. Unlawful access can be done technically, for example by using password cracking software or malware. It can also be done by guesswork or snooping on someone else's password.
Logging in to a friend’s social media account without permission is unlawful access to an information system.
Unlawful access to an information system is a crime and can result in imprisonment for at most two years. Aggravated unlawful access to an information can result in imprisonment for at most three years.
Unlawful access to an information system is usually a complainant offence, which means that you yourself can decide whether you want the perpetrator to be punished. If the unlawful access to an information system is very serious, the police may, however, continue to investigate the matter even if you were to decide that you do not want to bring charges.
Tietomurto testaa tietosi en
Test your knowledge: Unlawful access to an information system
I can log in to the admin section of a website by trying the username and password 1234 on the login page, and I go and look around the site. However, this is not yet unlawful access to an information system
If a website requires you to log in, by logging in to the site without the credentials intended for you, you are guilty of unlawful access to an information system. However, if you come across such an opportunity, it is very important to report the error to the site owner. Many sites have their own form for reporting vulnerabilities. If you feel uncomfortable about reporting the error directly to the company, you can also report it to the National Cyber Security Centre Finland (National Cyber Security Centre, Report vulnerabilities), who will take the matter further.
A friend has given me the username and password for their social media service. However, I am not trying them on other online services because it would be illegal and would be unlawful access to an information system.
You may not use someone else's credentials without permission. If a friend has given you permission to use their credentials to access one service, you may not use them for anything else. Simply trying out someone else's credentials for a service they have not given you permission to use can be unlawful access to an information system or attempted unlawful access to an information system.
You should always be very careful when sharing usernames and passwords. No matter how good a friend you are, you can refuse to share your usernames.
I used my own username and password to log in to an online service but ended up in someone else’s account, so did I accidentally unlawfully access an information system?
If you used your own credentials and ended up somewhere other than your own information, you are not guilty of unlawful access to an information system and this is more likely to be a website error. It is very important to inform the website owner of this error. If you feel uncomfortable about reporting the error directly to the company, you can also report it to the National Cyber Security Centre Finland (National Cyber Security Centre, Report vulnerabilities), who will take the matter further.
I forgot to log out of Wilma on the school computer. A friend accessed my account and sent abusive messages to teachers in my name. I can't do anything about it because it was me who left my profile open on the computer.
No-one may use another person’s credentials without their permission. So even though you forgot to log out, examining your account and the unlawful use of it may constitute unlawful access to an information system. Sending abusive messages in someone else's name can also be meet the statutory definition of other offences. It’s a good idea to tell an adult you trust about the incident and, if necessary, file a police report. It’s also a good idea to change the account password.