How to not be removed from a newsletter

I today received a mail from a well-known opt-in massmailer company (that sells your email address faster than you can blink with your eyes). It contained a ‘remove me from newsletter’ link in the following format:

http://www.xxxnameofcompanyxxx.com/index.php3?url=mailoff_m.php3&b_id=3963990

and I couldn’t believe it: incrementing or decrementing the ‘b_id’ parameter and pressing the ‘Remove’ button reveils the email addresses and usernames of more than 4.000.000 newsletter subscribers. Including mine.

What to do now? Contact them? contact the press? Any hints?

[update:] I sent them a mail and they modified their script and stop showing the email address. the username is still shown and it is still possible to remove everyone from the newsletter.

This work, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.