Couldn't you say the same thing about any security hole? If Equifax didn't want people reading their databases then they shouldn't have allowed anyone with an internet connection to remotely execute code on their systems via https://github.com/rapid7/metasploit-framework/issues/8064
There's an enormous difference between accessing a public endpoint, and accessing one that isn't intended to be public. To use addresses as an analogy:
Going to www.nytimes.com is roughly the equivalent to driving in front of someones house. It's certainly not my fault if they leave their blinds open while they are naked. Now maybe they thought I was someone else due to the car I drove, but that sure as shit isn't my problem.
Equifax is an entirely different issue. If you leave the door open to your house, that sure as hell doesn't give me the right to go into it. I can look at it, I can even tell everyone "Hey, that door is wide open." But I can't go in do shit without permission to be there.
Going to www.nytimes.com is roughly the equivalent to driving in front of someones house. It's certainly not my fault if they leave their blinds open while they are naked. Now maybe they thought I was someone else due to the car I drove, but that sure as shit isn't my problem.
Equifax is an entirely different issue. If you leave the door open to your house, that sure as hell doesn't give me the right to go into it. I can look at it, I can even tell everyone "Hey, that door is wide open." But I can't go in do shit without permission to be there.