> and then sent the key to a well-known white-hat security researcher
Would you like it if someone involved you in adjudicating potentially illegal (under CFAA & others) without your consent?
This is clearly not a white hat hacker looking to teach people lessons about security. If it were, they could have furnished a list to the major cloud providers of broken instances and given them time to notify and remediate.
Would you like it if someone involved you in adjudicating potentially illegal (under CFAA & others) without your consent?
This is clearly not a white hat hacker looking to teach people lessons about security. If it were, they could have furnished a list to the major cloud providers of broken instances and given them time to notify and remediate.