I dislike write-ups like these where the "researcher" styles themselves some kind of roguish hero, protecting the world from the lazy and incompetent by exposing their vulnerabilities for all to see.
I'm not opposed to responsible disclosure. But I think there's a big difference between finding a vulnerability responsibly (during normal operations, during a sanctioned pentest/bug bounty) and discovering a vulnerability illegally and irresponsibly (spending multiple days, specialized tooling and building a target profile to attack by any vector necessary). I think this behavior gets a pass from too many people because hey, it's a cool fun puzzle that shows how great and smart you are!
This absolutely would not fly in the real world. Imagine deciding to kick down the doors of small business owners and gloat that they don't have steel doors. "I'm not here to steal! I'm PROTECTING you! Imagine if I'd been here maliciously. I'm just going to go tell the world your door is open -- your customers deserve to know how insecure you are."