Serious word for 'a bad guy'

nouns single-word-requests formality

I would change the wording to refer more to the attack than the person.

"Had it been malicious, your account would have been stolen."


Attacker fits the tone of rest of the message, and in prticular the use of the word attack. By adding real or actual you can differentiate yourself from the "bad guy" since you are technically using the vulnerability yourself.

Malicious user can be an alternative, since it directly describes the bad behavior.

Adversary is often used in infosec, but is typically used in a more hypothetical and technical tone and might not fit you warning message.

The site has an XSS vulnerability. An adversary could execute client-side code under conditions X and Y.


I think people understand hacker in this context.

Had it been made by a hacker, your account would have been stolen.


Antagonist or real attacker seem like they might work here.

Related

How to express an unwanted purchase?
How old is the word "upskirting"?
What does "worm of yellow convicts" mean?
Is "such a cooler" proper English?
What does “I believe in making America safe for old-fashioned light bulbs and not those weird curly ones,” mean?
What do you call a web advert that obscures page content forcing you to look at it?
Is "can't" a euphemism or is it ambiguous?
Meaning of "Butter is Gold in the Morning, Silver at Noon, and Lead at Night."
Ways to Memorize "Discreet" and "Discrete" [closed]
Is "scurryfunge" a new word?
What's the AmE and BrE for "tartaruga"?
Phrase for words like "heart rate", "blood pressure", "sweat", etc