Don't you think then that if you asked their customer services via twitter for a way to report a security issue that the customer service rep should have sent that address?

Should have? Maybe. But, with corporations that size it's unlikely. I'm not saying this fall entirely on him, but I feel he didn't exactly do his fullest before puling the trigger on the full disclosure.