> At the risk of sounding like a hypocrite, I do not want to enable other people to “steal” from these companies.
I can almost guarantee if you know about this others do too and will potentially sell or exploit it. I'd try reporting it again. Publishing it might ultimately get them to fix it, but is kind of the nuclear option.
"Everybody" (i.e., everybody who thinks about this for 20 seconds) knows about this. Licensing is a matter of throwing up enough roadblocks to prevent the majority of users from easily bypassing your checks. There is no way to stop a determined attacker. That effort is likely better spent on developing new features.
I wrote several 'licensing systems' over the years. It's a honey trap for developers - it's so easy to overthink it and spend months on 'hardening' your licensing, to the point where you have to check the generated assembly to see if your compiler doesn't do something clever where now all of a sudden 'cracking' your software turns into replacing a single JNZ instruction with a JMP. If you really 'need' protection against this, you use a 3rd party product which essentially converts your program into something that runs on their proprietary virtual machine.
But if you do online license checking - how do you even 'fix' this? It's trivial to MITM all requests. So now you have to obfuscate your API calls, put in extra layers of crypto, hide your private keys for that well enough in your machine code, ... All of which will be cracked by someone halfway experienced in a matter of days. I think it's most likely the companies the GP reported this to just decided it's best to not bother until they have actual proof that this is a widespread enough problem for them to make it worth putting in significant dev resources (because it does require significant resources).
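As an added illustration (not code from any commenter in this thread), here is a Go sketch of the "extra layer of crypto" the comment above mentions: the license server signs the response with Ed25519 and the client verifies it with an embedded public key, so a MITM cannot rewrite the payload, while the verifying branch itself remains a patchable client-side check. The field names and clock values are assumptions.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// License is the payload the server signs (field names are assumptions).
type License struct {
	MachineID string `json:"machine_id"`
	Expires   int64  `json:"expires"` // unix seconds
}
type Signed struct{ Payload, Sig []byte } // JSON payload plus its Ed25519 signature
// serverIssue signs with the private key, which never ships to clients.
func serverIssue(priv ed25519.PrivateKey, lic License) (Signed, error) {
	payload, err := json.Marshal(lic)
	if err != nil {
		return Signed{}, err
	}
	return Signed{Payload: payload, Sig: ed25519.Sign(priv, payload)}, nil
}
// clientVerify checks the signature with the embedded public key, then the fields.
// A MITM cannot forge the signature, but this function is still a client-side
// branch that a patched binary can skip, which is the thread's point.
func clientVerify(pub ed25519.PublicKey, s Signed, machineID string, now int64) error {
	if !ed25519.Verify(pub, s.Payload, s.Sig) {
		return fmt.Errorf("bad signature")
	}
	var lic License
	if err := json.Unmarshal(s.Payload, &lic); err != nil {
		return err
	}
	if lic.MachineID != machineID {
		return fmt.Errorf("license bound to another machine")
	}
	if now > lic.Expires {
		return fmt.Errorf("license expired")
	}
	return nil
}
func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	const now = 1700000000 // constructed clock value
	s, _ := serverIssue(priv, License{"machine-A", now + 3600})
	fmt.Println("genuine:", clientVerify(pub, s, "machine-A", now))
	// Constructed MITM: rewrite the expiry without the signing key.
	s.Payload = []byte(`{"machine_id":"machine-A","expires":9999999999}`)
	fmt.Println("forged:", clientVerify(pub, s, "machine-A", now))
}
```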