I’m sure AT&T was all over fixing that issue long before he found it and told people about it.
Also, calling “changing some characters in a public URL” a “hack” is a lot less accurate than calling Gizmodo a news outlet.
Personally, I would have preferred if someone at AT&T had stopped to think about how they were letting personal data of their customers be accessed through public URLs with absolutely no attempt at authentication. That has to have gone past a lot of eyes in the company just to get the servers and the coding set up for it, and evidently no one thought it was a problem then.
