[wolco]

Never disclose things like that. It does nothing positive for you. You could endup in legal hell.

If you really want it fixed post to pastebin and the traffic will bring attention to it. But it's better to just ignore and move on.

[lobotryas]

Agreed. CFAA makes these kind of disclosures stupid-risky in USA. If the company has a bug bounty program then MAYBE disclose. You only stand to lose by trying to be a good samaritan otherwise.