[g0v]

I feel as though both parties could have handled that better. Contacting a company about a security vulnerability via a tweet, there must be a better way about that. And the company's response seemed pretty disproportionate to me.

Maybe someone will learn something from this, or maybe not.

[wfo]

It appears they might have had a lot of obnoxious aggressive sales spam BS on twitter and they've pretty much learned to ignore twitter; I wouldn't blame any company or person for essentially ignoring it, it's a silly format for unimportant things by design. And the right answer to someone saying "stop trying to scam us" is to say "I'm sorry if I came off like that but that's not what this is about" not write a whiny blog post about how nobody takes your tweets seriously.

[merpnderp]

He clearly stated that they only had a sales email available on their site, and he politely asked for a DM for an appropriate way to contact them. If a company has an active Twitter account it is appropriate to contact them through it. I've done this several times with quite happy results on both ends.

[g0v]

Well, good to know. I guess I'm not familiar with how things can be done. Thanks for the heads up.