So release peoples private information, just to point out security flaws.
He could have pointed out the security flaw without downloaded peoples details.
Admittedly the reaction was over the top. But sending hundreds of peoples personal data around to 'prove' there is a security problem is a bit irresponsible.
It's not nearly as irresponsible as countless of companies straight out ignoring or even denying security breaches while trying to shoot the messenger.
The sad truth is, you can only make these companies move by hurting them. Another sad truth is that the best (and more often than not the only) way to hurt these companies is to hurt their customers.
He could have pointed out the security flaw without downloaded peoples details.
Admittedly the reaction was over the top. But sending hundreds of peoples personal data around to 'prove' there is a security problem is a bit irresponsible.