AT&T had a duty of care to protect their Data which they signally failed to do. Then some asshole finds out and makes that situation public. He did not do so in a responsible manner but four years is a long time to get for being an asshole.
If that is commonplace HN is going to be a smaller forum
Let's stop making things up about the facts of the case, shall we? Weev did not get 41 months for being the asshole that made AT&T's blunder public. The worst he could have gotten for the CFAA charge by itself would have been a misdemeanor with a maximum penalty of less than a year (and realistically, probably zero jail time).
Weev was convicted, by a jury, of fraud in connection with personal information. The jury believed he intended to sell the e-mail addresses he collected to people who would use them for various nefarious purposes. Given that he claimed he was going to do so in IRC conversations, it's really hard for you to sit there and argue that the jury was unreasonable in reaching this conclusion, and that all they are really punishing him for is blowing the lid on AT&T.
What you're doing is trying to create a particular narrative about Weev's intentions, but ignoring that the jury in this case heard and rejected this narrative.
AT&T had a duty of care to protect their Data which they signally failed to do. Then some asshole finds out and makes that situation public. He did not do so in a responsible manner but four years is a long time to get for being an asshole.
If that is commonplace HN is going to be a smaller forum