"I violated the CFAA, likely committing several misdemeanors or felonies in the process, wrote up a detailed account of what I did (complete with screenshots), and then posted the account on the internet."

For the author's sake, I really hope they don't live in the USA.

Or Europe. Or the UK. 10+ prison plus civil damages in all three jurisdictions should it be prosecuted for various "Unauthorized computer access" laws. Even just browsing protected endpoints is a criminal violation. Publishing any info is even a bigger crime.

FYI, if you are a hacker:

1. Stop immediately after discovery and don’t go further than the minimal step that proves the vulnerability exists.

2. Document, don’t exploit

3. Report responsibly

4. Do not publish until fixed. Do not publish documents/images without permission.

5. Intent doesn’t erase liability: even “just poking around” can be charged under CFAA (US) or CMA (UK).

Or that they took sufficient care to remain anonymous.