BattleDash - "Here's XSS, Account Takeover, Ban Reversal, and a heads up before I publish it"
EA - "So here's $0."
If anyone is at EA, this man just saved the integrity of your entire empire, you might want to give him at least a token amount.
When I was in college, I once found some bad exploits in the sims social on Facebook, the subsidiary (Playfish?) behind it asked me for my address and which console I owned and then unexpectedly sent me a huge number of games and goodies. It was great. Better than money, I think (I sold some of those games anyway).
I reached out to employees via unofficial channels. I'm sure if I had spoken to some exec I'd be in jail right now.
My experience with big companies is even if the whole IT security team thinks this is worthy of a bounty, and the team has plenty of budget they could allocate to it, the process of giving money to an individual is frequently so difficult to get through the bureaucratic purchase order system that it's basically impossible to do unless you are contractually obliged to pay.