Absolutely. He was a dick about it. I don't think that anyone would argue differently.
But the fact of the matter is, he's been convicted for unauthorized access to a public computer system. Last I checked, being a dick and a braggart wasn't criminal.
I think he was rather stupid about the whole thing, but criminal? The fault should lie with AT&T, who put their customer data on a public webserver for the world to see.
That's like saying that it isn't robbery if the door was unlocked.
It still is. Any reasonable person would know that stealing from a house, locked or no, isn't something they're supposed to be doing.
It's a quandary, to be sure, because once you discover a hypothetical exploit, it's human nature to sate that curiosity by testing whether it works. Two or three accounts would have proved it, 100,000 accounts is excessive.
I'm not trying to say that the number of accounts he released is germane to the discussion per se, but I certainly think that it's relevant in the discussion of intent.
But the fact of the matter is, he's been convicted for unauthorized access to a public computer system. Last I checked, being a dick and a braggart wasn't criminal.
I think he was rather stupid about the whole thing, but criminal? The fault should lie with AT&T, who put their customer data on a public webserver for the world to see.