I almost got into big trouble at school for "hacking a teachers email". I guessed their email address (they were systematically generated) and sent an email. It's true you can get into trouble for this, but we need to all take it upon ourselves to make sure this doesn't happen. If this guy got into trouble I would hope every software engineer would be up in arms defending them.
It's not as simple: if you accessed something simply because it was badly protected yet you were obviously not supposed to access it, it's more of a grey area. I mean, imagine an uber-hacker for whom many a network is trivial to break in: they can always argue how it was insufficiently protected.
You accidentally stumbling on something unprotected generally clears you from any liability as long as you stop as soon as you notice it.
Code of conduct for white hat hackers is to explore but not abuse, and report as soon as they have enough clarity on the issue. But there is no legal basis for this avoiding any liability except if a company runs an official bounty program.
In that sense, the OP author could face hacking charges if India has similar laws to the rest of the developed world, and the author doesn't even have the "well intentioned" for their defence since they never reached out: the only defence they have is they did not attempt to profit off it.
Nah I better err on the side of caution with this - plenty of examples in history where life’s were utterly destroyed even though every sensible person was ok their side - snowden is just one extreme example but there are many others.
