Slashdot Mirror


The Paradox of Grey Hat Hackers (windowsitpro.com)

v3rgEz writes: Troy Hunt, a security researcher who tracked breached websites, reflects on the recent "grey hat" hacking of VTech, in which a hacker downloaded millions of kids' photos, chat logs, and more, to blow the whistle on a serious vulnerability. The attacker went way beyond responsible disclosure, offering the data directly to a reporter, but the ensuing publicity got VTech to clean up their act and maybe helped parents better understand the dangers of lax security. Is grey hat ok when it's done for the greater good?

1 of 95 comments

  1. Re:"helpful" hackers point out security bugs by jellomizer · Score: 0, Troll

    But what happened if they just reported it to school authorities, without all the public fanfare?
    Was this even attempted first? If so, was there enough information given out as to the nature of the problem and possible areas to look at to fix it?

    Stating it is for the "Greater Good" is just explaining their bad behaviors.
    If you are going to do a "Greater Good", let's try the most good first. (Privately contact the organization and explain the problem.)
    Then, if they don't respond or ignore it, follow up after a week or two (they may be trying to fix it but have red tape they need to go through).
    Finally, if they are just ignoring you, then you can try a bit more drastic measures.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.