I would agree accessing data would be unlawful, finding a vulnerability by "hacking" is not.
It is one thing to discover an open door, it is another to enter it. Sorry if I was not clear in what I wrote.
In my personal opinion, the internet is a much safer place because of rogue hackers that do it just to do it and not exploit. I welcome and thank them.
It are the morons like these 2 that try to game the system for exploitation that I think should be lined up in front of a small hole they just dug.
I found a bug on a website from a major company. That allowed me to re log in (to my user id) to the site with out entering my password vulnerability only worked if you had psychical access to your computer. I promptly notified the said company and they fixed it.