Disclaimer: English is not my native language and I'm not that good at writing.<p>Backstory:<p>I was checking my account on the website of a well known computer-related company (I'll keep it anonymous for now) and I found out that they were giving away some games for those who purchased some piece of hardware of a another brand.<p>Long story short I found the username and password of their sendgrid account (by decompiling one of their programs) and was able to login successfully.<p>Why am I asking this question? Well, I don't want to be sued for hacking since I'm a student and I don't really have the money/power to defend my self.
First thing is to see if the company has a bug bounty/responsible disclosure programming. If so make sure that what you have done falls under said program. Otherwise it is not worth the risk to you. If you still feel motivated to do so, let them know through anonymous channels or contact a well know security researcher who will be less of a target if said company decides to take action.