As far as I’m aware it’s always been possible to bypass an iCloud activation lock (by directly interfacing with the flash storage) - however now the barrier for entry is so much lower with online services offering activation lock removal with a quick turnaround time.
Louis goes into much more detail in the video, however it’s likely an insider at Apple doing this.
My main takeaways are: It’s unlikely Apple is going to do anything about this, since these stolen & reset devices are bringing more users into the Apple ecosystem, as well as driving AppleCare sales (theft cover) and purchases of new devices. Also, since no user data is exposed, they aren’t necessarily at risk of bad press, since the privacy of the original owner is not compromised.
Do you think Apple will fix the process flaw allowing an insider to unlock these devices with no consequences?
Edit: Fix typos