Originally Posted by raymor

the Computer Fraud and Abuse Act, 18 U.S.C. 1030:

Whoever?
(6) knowingly and with intent to defraud traffics (as defined in section 1029) in any password or similar information through which a computer may be accessed without authorization
...

shall be punished as provided in subsection (c) of this section.
...
(c) The punishment for an offense under subsection (a) or (b) of this section is?
(A) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(1) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and
(B) a fine under this title or imprisonment for not more than twenty years, or both, in the case of an offense under subsection (a)(1) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph;

In other words, you'll get up to 10 years each time you sell a list.

URL forwarded to Assistant Special Agent In Charge Robert D. Foley,
Louisville Kentucky Field Office, FBI.