If I'm not mistaken, a bunch of GET requests against a public API, unfortunately setup to not require authorization credentials and yet still exposing nominally 'private' data.

Nuance is a hell of a thing.

That's correct. It was basically:

    wget http://att.com/obscure/url?id={1..114000}

Aaaaand that's a prison sentence.

114,000 '200 OK' responses = 41 months in prison.

16 minutes in prison per request.