I'm wondering about the legality of this. If you take an (assumed) stolen dump of sensitive data and turn it into a webservice, could you get in trouble?