There's a difference between a vulnerability, and a common misconfiguration that usually comes from a "make it work first, security later" mindset.
The good that comes from destroying the DB is:
a) the data is no longer exposed to the Internet, where more malicious actors could take it, affecting the customers of the incompetent company
b) ignoring it stops being a viable option - leaking your customer's data all over the place often doesn't have sufficiently obvious and severe consequences for the company doing the leaking to discourage it. Disruption that breaks production will get their attention, and they likely will secure their database in the future.
(No moral or legal judgement regarding this action, just answering the "what good comes of it" question.)
Edit: Also, someone commented further below on the difficulty of doing it the right way - it's hard to contact the companies, and it's even harder to get them to actually listen and fix it instead of ignoring it or trying to "shoot the messenger". This approach may be wrong and/or illegal, but it it much likely to actually draw the attention of the right people, and prevent them from simply ignoring the problem.
The companies running those open databases aren't just victims; they're also perpetrators of privacy violations. In many cases, they're even collecting data for a purpose that the data subject receives no benefit from.
The good that comes from destroying the DB is:
a) the data is no longer exposed to the Internet, where more malicious actors could take it, affecting the customers of the incompetent company
b) ignoring it stops being a viable option - leaking your customer's data all over the place often doesn't have sufficiently obvious and severe consequences for the company doing the leaking to discourage it. Disruption that breaks production will get their attention, and they likely will secure their database in the future.
(No moral or legal judgement regarding this action, just answering the "what good comes of it" question.)
Edit: Also, someone commented further below on the difficulty of doing it the right way - it's hard to contact the companies, and it's even harder to get them to actually listen and fix it instead of ignoring it or trying to "shoot the messenger". This approach may be wrong and/or illegal, but it it much likely to actually draw the attention of the right people, and prevent them from simply ignoring the problem.
The companies running those open databases aren't just victims; they're also perpetrators of privacy violations. In many cases, they're even collecting data for a purpose that the data subject receives no benefit from.