inaccurate statement?
I don't understand how the hackers methods "unnecessarily puts customer data and intellectual property at risk."
Did I miss the bit where he published the information he'd found to the wider community?
Surely the company not securing the database in the first instance "unnecessarily put customer data and intellectual property at risk"?
At least the company did acknowledge that he had helped them out.