[burnished]

Strong disagree (not about the law claims, I'll leave that to the law-knowers), but the moral implications of 'crossing a line'. It reads like they revealed security vulnerabilities that had the possibility to harm others. I think they can be allowed some leeway in their methods.

[throwoutway]

Nope. That can come after responsible disclosure. Did they try the responsible path first? Looks like they notified and then kept going for another 10 days

[batch12]

> kept going for another 10 days

This is the problem I have. They kept going without permission. Leaving your key in the door doesn't give someone the moral authority to go through your house and look for other issues.

[burnished]

What if there were signs of a current and urgent matter?

This seems like the wrong time to bring in analogies, given that we all understand whats being done well enough to talk about it directly. Given that there were obvious problems that implied a clear and present danger to people it seems reasonable to take more immediate, more effective measures.

[burnished]

My understanding is that the 'responsible' path can have groups pursue you while they try to cover up and deflect blame, instead of fixing the problem. Going down that path does not sound very responsible to me.