It sure seems like it to me. However, considering the climate of business ethics in this country, it's no surprise that businesses themselves would be treated poorly by customers/individuals. Businesses these days mostly seem to sacrifice all for the bottom line. If something has negative affects (to customers, the environment, their employees, etc.) they run the actuary tables and the most profitable solution wins. It's tit-for-tat.
Ransom / hostage-taking is when you take something that doesn't belong to you.
This action is taking something that you created (important, unique data) and offering it for auction instead of gifting it to the place where it would benefit everyone.
Similar to finding nudes of your neighbor laying in their driveway. Sure, you could let them know and hope for a reward, or you could put it up for auction, which is totally not exploitative. /s
Yahoo is neither my neighbor, peer or equal. There are very different social expectations when doing 'business' with your neighbor versus doing business with a corporate entity. Also, losing photos is a very different than distributing a partly defective product - you're generally not morally at fault for accidentally losing your own stuff, but you are fully responsible for accidentally manufacturing and distributing defective products.
An appropriate non-IT analogy would be noticing a particular simple way how a Bigcorp chainsaw could be made safer, fixing a risk of hurting the user - you could just let them know "hey, do X and all your chainsaws will be safer for all of us" and get nice fuzzies, or offer to sell them (or other chainsaw manufacturers) the discovery - it's your choice, and although one is much more charitable, both choices are acceptable.
