Would you like it if someone involved you in adjudicating potentially illegal (under CFAA & others) without your consent?

This is clearly not a white hat hacker looking to teach people lessons about security. If it were, they could have furnished a list to the major cloud providers of broken instances and given them time to notify and remediate.

No just my Webserver/HAProxy. The difference is, don't expose services that are not meant to face the Inet directly.

Production-Type Webservers are, SSH, VPN, HAProxy etc are.

Databases, devel-webservers, NFS, Samba are not!

Sure even the best hardened Service can have vulnerabilities, but that's how life is, better have a door with a key than one without, even when someone is capable to open your door with a Lock-pick.

I did not (in the slightest) suggest that people should do this. I was commenting on the "free-ness" of the lesson (read the comment I was replying to). It could have been more "free" with a little more effort. Straight-up deletion wasn't the only option.

No but a good one.

>It could have been more "free" with a little more effort.

Even White-Hats work not for free (for companys). Don't build Cars if you don't know how a break work, don't build IT-Services if you have no the slightest idea how to secure them.