In February 2015 I had contact with AgileBits at support@agilebits.com and they answered me within a day. Seriously, you claim you tried to reach them, but I have a hard time believing that. What is 'not too long ago'?
He only claims he sent them an email and that he then decided not to wait for an answer and to publish this before they got a chance to respond. In no way is this acceptable behaviour from any security professional. In my mind he's just a kid who thought he would get some cheap points for discovering some big security issue but in the heat of the moment forgot to follow normal protocol.