Ultimately, his sentence will be 6-12 months... but that's not the point.
FACT: he never was a malicious hacker. He always turned i8n all results of his actions to the folks in charge, so they could improve things.
FACT: he turned himself in.
If he'd just let the company in question be, let malicious folks cause damage to customers, or even just forgot to ever mention his actions... he'd be scot free. Instead, he did everything for good reasons, turned himself in, and he gets punished.
How is this a good message?
