Could be borderline between both but I consider this hacking becsuse the threat actor uses knowledge to create the script that exploits vulnerability - bypasses phone, ip and captcha checks to mass create spam accounts. Even if it's script kiddie who uses someone else's script or tool.
You are viewing a single comment's thread from:
Yet nothing was hacked or compromised, just exploited weaknesses.
Hacking doesn't need to compromise anything. Any exploitation of certain weaknesses in the system/app/program/hardware is a hack.