This reminds me of the state machine attacks against TLS.
I somehow find comfort when I read similar articles and they contain a section where the author outlines when they reached out to the company, how they treated his submission, and conclude the fix has been applied. This article is missing that.
“… but the servers have now been patched to make sure both seats don’t have the same account and JWT for matchmaking games” From this I gather they were responsive and, I assume, appreciative.
Their previous article did include that: