So some guy hacked a children's service and, in order to reveal exactly how bad it was, downloaded a ton of information and sent it to journalists. While this was overkill, or so it seems, he forced the world to pay attention and now the vulnerability is going to be fixed -- where with less extreme methods, it might not have been.
This caused one journalist to wonder if "grey hat" methods -- those which do not regulate themselves based on moral categories of "good" and "bad" -- might be good if the results are good:
But here’s the paradox of it all – the individual was worried that if he privately disclosed the security issue, he wouldn’t be taken seriously and many times, that’s exactly what happens. Either that or VTech wouldn’t act promptly or comprehensively review their systems (they had a heap of issues across many different assets). As much as the attacker (and that’s a fair word under the circumstances) did the wrong thing in the way he went about this, nothing gets an organisation to sit up and pay attention faster than an incident like this.
Here’s where it gets even greyer: if he did indeed only share the data with the reporter and he in turn only shared it with me, are we as a society actually now better off? Think about it – the airtime this incident received has caused millions of parents to think twice about putting their kids’ data online. It must have as the story has been splashed all over the mainstream media for weeks now. Parents should think twice about where they share their kids’ identities, but without this incident going public in the way it did, their views would be no different to what they were before it hit the news. -- WindowsITPro
While this analysis focuses on a specific event, the moral argument might be made larger: perhaps good and evil are useless categories, and we should look at intent and results instead. His intent here was to expose a risk, and he achieved that, so that all are better off. Perhaps the hackers have been right all along: rules are obsolete, results triumph, and all ethics are situational after all.