[homakov]

Public disclosure won't help btw. half of sites here didn't fix anything(http://homakov.blogspot.com/2012/03/hacking-skrillformer-mon...)

[tptacek]

Did you reach out to each company and tell them, or did you assume that by creating a public blog post about them and submitting it to Hacker News they were bound to find out?

[TheCowboy]

Did you read his blog post and see that he did report the vulnerabilities and noted which companies fixed it?

[tptacek]

I read the comment he wrote on HN where he said he didn't. But if Egor Homakov says he did, my next question is "who did he report it to?"

I've been doing this for awhile, maybe there's useful advice I can offer him.