[warrenm]

Why didn't you report it?

Seems somewhat negligent - at the very least from a Good Samaritan™ point of view

[skinnymuch]

You're replying to a comment about news of someone being arrested for a similar thing.

[warrenm]

There's such a thing as anonymous reporting

[skinnymuch]

What if you don't do it anonymously enough? And they trace it back to you? Not that this has ever happened (I have no idea. I'm assuming not). But being paranoid isn't unwarranted either.

[JohnGB]

If he reported it, he runs the risk of the company turning on him (as was the case in the article above). If he doesn't report it, nothing happens.

It's a choice between the certainty of no loss vs the possibility of great loss.

[kodfodrasz]

If he does not report it, and somebody else does, then he runs the risk of being rightfully accused of hacking, as the motivation can be understood as financially motivated.

[warrenm]

Budapest != United States

[grrowl]

You're often opening up yourself to a LOT of bad exposure, where you'll be accused of hacking the software (along with the 20+ jail term this might eventually entail) and just generally putting the spotlight on yourself as a potentially dangerous person.

Better to report anonymously, or report directly to someone who might appreciate or is responsible (and hope they appreciate responsible disclosure).

[Antrikshy]

Did you not see the top post?

[Cerium]

Reporting these things can get you in trouble. Once burnt twice shy.