In the forum post describing his exploit, the user says he "was able push public builds on all data such as uTorrent and more. I had master keys to everything, including DNS level material...Once I sat down [and] reviewed what was on my screen I concluded it was in the best interest to notify the company immediately."
uTorrent is a BitTorrent client owned and operated by the company itself. This was obviously a sensitive vulnerability, so MentaL notified the company and was offered a $500 check as a reward. He accepted, but when it didn't show up in a timely manner, he got peeved:
"A [different] hacker recently found a bug in which he was able to reset passwords and got £20,000 reward, me? I got the entire source of ALL products / webpages / DNS / financial documents and more and in the end they offered me $500. I felt insulted...They make millions a year in ad revenue alone and I never released, tweaked, sent fake builds or nothing out to any user and I feel insulted."
MentaL goes on to post screenshots of the data he was able to access as proof. This strikes us as pretty self-righteous.
BitTorrent did not immediately respond to a request for comment.