What I personally find "unbelievable" is that one needs to go to Twitter to find contacts (a human) or the security team.
I mean, how difficult can it be (or how much does it cost) to have a "security@company_name.com" mail address and actually monitor it (particularly for large companies that actually have a security team)?
On a very minor-minor scale, a few years ago, while I was looking for some information on the settings of a router, I happened to find out (no Shodan, a normal google search) a number of instances of that given router "homepage" that were:
1) accessible from the internet
2) set with "admin" as password
All in all I found some twenty or so of those, since the model was more "soho" than "enterprise" I managed to contact all the people at the "small firms" involved, the exception were two (large, international) companies.
In the end I found a way to contact one of the two, the other one was simply impossible.
I was surprised to figure out kibana doesn't have any access authorisation out of the box, which results in cases like this in companies, where security is treated poorly (by large, most of japanese companies).