by aeternum 2149 days ago
>That's why we have responsible disclosure. It does not make it okay to exploit security holes for profit.

I'm not aware of any bug-bounty or responsible disclosure method that allows spear-phishing, as the attack requires impersonation/fraud. Is there one?

1 comments

Responsible disclosure does not equal bug bounty. Just because you found a security hole does not mean you are entitled to a payout.

The responsible way to do this would be to prove the access to Twitter's security team and not exploit it for personal gain. You can even just post it publicly, just don't try to scam people and profit based on the exploit.

Do you think that just because there isn't a bug bounty for a specific exploit that gives you a free pass to exploit it for personal gain?