No. The poster didn't communicate the bug per the posted instructions at https://github.com/lobsters/lobsters/blob/main/SECURITY.md ; the poster actually exploited the flaw to scrape personal data of users which xe then threatened to post; and the company being promoted was nothing to do with Hacker News at all, but was a company that sells software security stuff, with which which two lobste.rs accounts were connected.