If random security researcher does this kind of disclosure, fine.
But if serious company that seems to offer services to seemingly plenty of serious customers acts this way, I'd not want to be their customer, if they seem to have such a cavalier attitude, disclosing stuff without even a sniff of "we notified the company about the breach".
But if serious company that seems to offer services to seemingly plenty of serious customers acts this way, I'd not want to be their customer, if they seem to have such a cavalier attitude, disclosing stuff without even a sniff of "we notified the company about the breach".