Hacker News

What other steps have there ever been? Getting a CVE?



It's interesting because it's quite a postmodern situation.

They did do the most significant signifiers to a layman: hack, write a blog post, wait until fix before talking about it.

I'd have a better explanation for picking a target, avoid having competing versions of the story out there, avoid having one version having you targeting a company while another claims it was a general sweep, get the collaborators together and at least credit them in all versions if you can't get people to agree to write one post, avoid exaggerating, avoid claiming you hacked other companies, and add a contact or two before releasing the vulnerability.

Comparing a Project Zero blog post to this is a good idea, I went off of memory.

As it stands it sure sounds like some people were hanging out in Discord, scrolled through some JS in dev tools and/or ran some automated script against a site, then got puzzled and downloaded a pwner GUI to do the hard part, saw a fix, then rushed to write blog posts and stepped on each other's toes, one wildly exaggerating who was hacked while covering up details, another being honest but had ~0 idea of what they were supposed to say.



