You should blame anycubic for their mqtt server which allows any valid credential to connect and control your printer via the matt API. Let's just hope anycubic fixes their mqtt server.
I'm by no means a security specialist. But shit like this is the first thing I look for when I implement something. And then I organize a penetration test.
Buying a proprietary 3D printer with internet connectivity. What could possibly go wrong?
Going by the linked forum post, Anycubic has been aware of it for two months. Any competent FOSS project would have nipped that in the bud on the same day it was discovered. Incredible.