I have a weird cognitive dissonance around these security/hacker things.
On one hand, I love that an individual has looked at a system, grokked it, and then built an exploit to make the system do something it wasn't supposed/designed to do. That's just great hacking, analysis, deductive reasoning, and problem solving. It's intellectually satisfying.
On the other hand, it makes me itchy because I know many hackers, and some of them are really unpleasant individuals with impure motives. Sure, they claim to be white hat, but they do get a real purient endorphin rush from getting in and seeing what people are doing, without their knowledge. That squicks me out. Makes my skin crawl.
Back in the day, I was a System Administrator for UNIX and Mac-based mailservers.
At any time I could log into a user's account and see all their email. We never really talked about this capability, but when someone accidentally sent a 5Mb file over a 1200 baud modem, you had to go into the mail queue, find the email jamming up the system, and delete it. Or if someone typed bad characters into an email address and hosed the sendmail system, you'd have to go in and delete the mail to free the system up to process other queued messages.
I even got into an executive's email account, and redirected an email to a new address, when he mis-addressed the original email to the wrong person.
People were grateful of the SysAdmin's ability to get in there, and fix these problems. But they never really thought beyond that, and realized, "Hey... hang on... if he can get in there and read THAT email... then he must be able to read my OTHER email!"
Employees would leave the company, and I'd have to scan through all their email to make sure they weren't doing anything shitty. I'd see everything they sent, received, replied to, deleted... all of it. Because I had to. Did he send those circuit board plans to anyone outside the company before he left? Oh look. He WAS having sex with the woman in accounting. Delete. Forget I ever saw that.
So in the end, yeah, this stuff isn't new. And it is no longer solely the domain of SysAdmin's with principles and integrity. Now it rests in anybody's hands, really.
And a lot of people suck.