[baffledshrimp]

> We decided to sneak a peak. Logging in with the “mobiteam@icloud.com” apple ID and the password graciously provided in clear text, we have identified a typical QA team account...

This provides the 'break in the case' but it's based on illegal activity. Just because a company is acting unethically doesn't give researchers a legal shield. (Especially considering a quick search led me to the probable identity of the author.)

[joshstrange]

I came here to say the same thing. IANAL but it looks like if Apple wanted (which they probably don't) they could have them charged under the computer abuse and fraud acts, even if Apple doesn't act the DoJ still can. I can understand the researcher's desire to follow the trail but in attempting to unmask the criminal did they themselves not become one in the process? This is "Ends justify the means" type thinking which is really dangerous (Patriot Act anyone?).