by vpb 1491 days ago
Maybe contact Have I Been Pwned?, work with them to add it to their leak database, notify site owners afterwards with a timeframe for disclosure and release your findings/blog post? Give people a way to check with HIBP, site owners a way to mitigate and claim the credit for the discovery.
2 comments

This is probably the best option for anyone actually trying to fix the problem.

https://haveibeenpwned.com/FAQs#SubmitBreach

> If you've come across a data breach which you'd like to submit, get in touch with me. https://www.troyhunt.com/contact

Good luck on your OPSEC, should not have used your 7-year-old account... might hit up dang to change the account so you don't get kidnapped.

Seriously, this. You just publicly stated you have access to millions.
That is not a very special occurrence. I’d argue you can find almost anyone with access to a million dollars online. Just go to Twitter or so.
Take a look at the HN reaction to your post, this is a special occurrence. Regardless, it's your decision and I imagine you have your reasons.
Finding such a thing might be somewhat special, but (referring to your comment) having theoretical access to money is definitely not a special thing.
Right, and Have I Been Pwned is about findings.
He might have tried a burner account that never got approved (so no posting showing up).
I've never been in this situation, but this seems like a good option--reach out to someone like Troy Hunt of Have I Been Pwned or a tech journalist who does security-related content (maybe someone at Ars Technica?). They probably know how to raise awareness in a way that reduces their personal liability.