Comment Two separate things here... (Score 3, Insightful) 194
As I understood, the colo in question was not shut down per se, it was simply severed from its internet connectivity as its upstream/backbone internet providers terminated their contract with them. Nothing special about that; business relationships are initiated and terminated all over the world every day.
Consequently, there was no "vigilanteism" in the strict sense as such, where normals citizens take the law in their own hands and act as if they had higher authority than they really have.
It was simply a case of concerned security researchers going to the upstream providers with evidence and saying "look what scum you do business with by providing connectivity, this is bad for the internet on the whole and it hurts your reputation", and the ISPs in question took action. If innocent customers of the rouge colo got hurt when the lines got cut, then they simply have to suffer the consequences of picking a bad host to buy services from.
Of course, if the proof the security researchers had gathered also proved that the shut-down colo in question had committed crimes, then the appropriate authorities need to be involved. But that is another chain of events, separate from the disconnection of the lines.