I think more than likely the student found the vulnerability and told it to the class, afterwards the instructor asked them if they wanted to disclose it and the person asked not to reveal their name. Then the instructor or another employee posted the info in all of the places it was found. I'm sure they were all posted around the same time. Now I dont know about the reported disclosure to muts, i didnt see that in the statement so I assume that was made elsewhere, but in anycase, I think likely they sent an email and perhaps didnt hear back, so they posted it?
The point is, it was a mistake, more than likely not made with malicious intent. They gained nothing except notoriety, and as I think they have defiantly learned from this event.