Hacker News

I would consider "I also gained access to the phpFog Twitter account and posted a bit." to be a dick move.



Would you rather that I hadn't, and instead just wiped the box?

How about I changed every DNS record for every domain to something like goatse.cx?

In perspective, it's not a dick move at all. I'm not academically subnormal; I wouldn't do stupid things with a public Twitter account other than making it noted that it's temporarily under someone else's control. What's more, I willingly relinquished control of it back to Lucas about an hour later.


That's a false dichotomy. You didn't have to post on their Twitter account, just like you didn't have to wipe a box or alter DNS. I hope if you learn one thing from this, it's how real responsible disclosure works.


I didn't have to at all, correct. But like you said, one doesn't have to wipe the box or redirect everything to goatse; however, if you give many people the ability, there will be 10% who will do it. In perspective, me posting on the Twitter account (which was easily remedied, and like I said, control was willingly relinquished) wasn't much of a bad thing.


On a relative scale? Yes, wiping the system is much worse.

On an absolute scale? They're both still bad: the lesser of two evils is still an evil. ;)

http://en.wikipedia.org/wiki/False_dilemma


I never claimed what I did was a good thing.


Well, in your original post you said: "I don't consider what I did to be a bad thing."

So if you don't consider your actions to be bad or good, that means you think they're neutral? ;-)


No.

I 'think' what I did was a relatively good thing. I never claimed it was, nor would I use that sort of thing as a defence. Everything that I have a say in is under the control of phpFog now, and no data was lost. Anything further is completely out of my hands; I can only do so much.


I think we're in danger here of arguing in circles, but let me just say that I think the mindset of "I could've done so much worse, but I showed restraint, therefore it's (relatively) okay" is very troubling to hear (and I know it's not just you that thinks this way). If you broke into a home, and only broke a few lamps and changed the locks on the doors, and then told the homeowner "no hard feelings, I mean I could've burnt the place to the ground", you'd sound like a madman -- but because this is virtual, the impacts of your actions aren't so immediate or easy to feel, but they're still there (downtime leads to loss of consumer confidence, leads to loss of sales, leads to loss of jobs and livelihoods, and on and on). However, it doesn't mean there aren't real financial consequences to the actions.

I realize everyone makes mistakes, especially as teens, but I just wanted to voice my opinion that this mindset people seem to have where because they didn't {burn the server to the ground}, they shouldn't feel bad is both naive and dangerous, and if I were you, I'd do my best to drop it, learn your lesson, and move on. Best of luck.


One thing you should probably watch out for in all this is that you've used your real name and your website is personally identifiable. Depending on the laws in your jurisdiction, what you've done (getting root on the phpFog server and accessing their Twitter account) could be a criminal offence.

Indeed, a quick look at Queensland's cybercrime laws shows up:

"The Queensland law introduced in 1997 uses the heading 'computer hacking and misuse' but the offence is defined as the use of a restricted computer without the consent of the computer's controller. A restricted computer is defined as one that requires a 'device, code or sequence of electronic impulses' to gain access. There is a penalty scale of two, five or 10 years maximum term of imprisonment depending on whether (1) an offender simply uses a computer, (2) causes detriment or damage, or gains or intends to gain a benefit, or (3) the detriment, damage or gain is valued at more than $5,000."


It's not like your two options were either wipe the box or take over their twitter account.

A responsible pen-tester would have reported the issue privately and disclosed it publicly at a later date.

Take a look here for a protocol to follow in future: http://www.wiretrip.net/rfp/policy.html


Interesting. Link bookmarked for when it's not midnight; I'll definitely take a read through that. It'd be nice to have a guideline of sorts, I guess.


> Would you rather that I hadn't, and instead just wiped the box?

We would prefer if you had done neither.

This is a false dichotomy. You know it is. Feigned ignorance is the lowest form of intellectual dishonesty.


> You know it is

Don't forget that he is a 16 year old brat.
