It has a name in the security industry, Insecure Direct Object Reference (IDOR) [1]. Somewhat related to Path Traversal [2]. Unfortunately CFAA is very broad and can be (mis)interpreted in wild ways.
reply[1] https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Dire... [2] https://owasp.org/www-community/attacks/Path_Traversal
People have already been imprisoned for this, one case I can think of off the top of my head is https://en.wikipedia.org/wiki/Goatse_Security#AT&T/iPad_emai....
replyContinental Airlines had an active frequent flyer community. A student emerged as a legendary figure (think "Hunger Games") after she noticed that Continental announcement URLs were numbered sequentially, and a not-yet-released announcement rather unfavorable to current elites was there for anyone to read. Quite the brew-ha-ha. Continental retreated.
replyShe was nevertheless welcome at a frequent flyer event hosted by Continental in Houston, where she beat me at poker.