I did the same thing with OP years ago, I tried to contact in every way possible the dev team of the largest telecom company in my country.
All channels were ignored, so I have to resort to contacting our government agencies. Luckily, one agency replied to me and had one of the devs contacted me. For this hassle I was only paid $50.
You have no idea the effort we go to report this things. So I quit bug hunting after that.
I mean, a16z should be very grateful this got reported by an honest hunter regardless of the means it was reported.
I stumbled upon a big vulnerability in an unnamed Czech ministry's web apps around January. It's now July and after trying the appropriate support email, the official "snail mail but digital", and calling various people's office landlines (thankfully they publish those in the org chart), it might get fixed this month.
If there is a next time, maybe I'll try convincing the cybersecurity bureau to take my vulnerability reports instead.
All channels were ignored, so I have to resort to contacting our government agencies. Luckily, one agency replied to me and had one of the devs contacted me. For this hassle I was only paid $50.
You have no idea the effort we go to report this things. So I quit bug hunting after that.
I mean, a16z should be very grateful this got reported by an honest hunter regardless of the means it was reported.