Graham Cluley
Auernheimer was stupid for not responsibly informing AT&T of the flaw, rather than trying to make a name for his Goatse Security group in the media, and this case has exposed how vague language used in the Computer Fraud & Abuse Act could be abused by prosecutors.
But AT&T were even more dumb for creating a system that could serve up customers' email addresses to anyone - without requiring a username or password.