Their own fault opening the socket?
It must be a cloud thing as most Docker installations have their API sockets as a unix socket, so it appears as a file in the host's filesystem & as such isn't accessible from any network interface.
Instructions on how to expose the socket on the network is out there but even Docker's documentation states why that's a bad idea.
So for them to be exposed it's either someones done that manually or someone's provider has exposed the API socket without any appropriate Firewall rules against them