I have a bit of an ethics dilemma at the moment and would like opinions. I have been working for a company for about 2 years, then I quit my job. The company went out of business a few weeks later (which I foresaw, thus my quitting), and now I've noticed that a former employee which was not a big buddy of mine, but OK, has opened a new online shop. Curious about this (i wasn't sure it was him at the time) I sent an email from a fake address asking for information (subtle.. not like "who is behind this website?") So this part is the weirdest part. I received an email to my main email inbox (it is linked to the fake email address) a few hours later saying someone had changed my password and had deleted the secondary (my main) email address... and replaced with one where I could clearly see who was behind that. I think the message was like "don't play with us" or something laughable like that. After a couple of days of investigating...I've managed to log myself into the backend of his website (ecommerce). Now.. what should I do? Should I place hidden links in his website? Steal his customer list? Replace his Paypal / moneybookers email address with mine? Or should I just not do anything? He probably knows my own private shop, but I highly doubt he can get into it. The thing is the website is not very old (like 1-2 months old) and he hasn't had any sales yet. He has like 2 customers who have signed up and actually I know those customers cos I used to handle their accounts in our ex-company. We're talking customers who order $2000-3000 worth of merch every few months. What would you do? I want to fly under the radar as long as possible and I want to make money off this guy without him noticing me.