by ruiseal 2087 days ago
Why was it necessary for Troy to create an account on behalf of someone else?
2 comments

He didn't, his friend created the account. It's useful to have someone else, on a different device and IP block, create the account to confirm that it's possible to take over an account that you have no previous connection to.
If the target has halfway competent security response, you just say "Look at this obvious bug in your design" and they fix it. The first part of Troy's post makes it clear that Grindr did not have halfway competent security response.

When you're dealing with a target that doesn't have halfway competent security response, the only option is to actually have an equivocal demo that there's a hole, which means you need to break into somebody else's account.

Anything else they'll most likely gaslight you and their users. "No, there was no hole, Troy just accessed his own account, nothing to see, fake news".