Well, the important thing is they’re trying to prosecute someone for exposing their security failings.
Identifying and responsibly disclosing security flaws is legal; publicly exploiting them is not.
The app is dumb and whoever developed it was beyond irresponsible, but the people involved in leaking the images & info they found aren’t innocent either.
Identifying and responsibly disclosing security flaws is legal; publicly exploiting them is not.
“Security Flaws” implies that there was some attempt to restrict access that could have been considered “security”. They made no such attempt. Everything was openly provided to the general public.
Putting a big bowl of candy on your front porch during Halloween is an “invitation”, not a “security flaw”.
How stupid do you have to be, not to immediately take everything offline?