Just throwing a question out there. What would you deem fair compensation if somebody found a security exploit in your website?

This particular exploit that I discovered offered access to half of a members credit card number, as well as personal information [i.e. - full name, address, etc] for every order on their [e-commerce] website.

Since first finding the exploit, I have also been able to exploit the download section of the website. I can gain access to every file on the site, without having to purchase them. I am still waiting on a return phone call on this particular issue.

What do you think [a] I was offered and [b] what I should have been offered?

Nick