It's great to see attention being drawn to responsible use of cloud services, which for most part have safe defaults. I absolutely support, responsible disclosure but it is always uncomfortable to see that security researchers (this particular team) goes beyond vulnerability discovery and handles the data directly. Who is responsible for safe disposal of the data they downloaded and analyzed ?