Well, they also put your name on their "thank you" page and sent you a nice email! What else could you possibly want?
It might be a multi-million dollar business, but it's not like these hacks can actually cost them millions of dollars. Verizon has had employees giving out personal details to people on the phone for years, and they're still happy to do it even for the director of the CIA: https://www.schneier.com/blog/archives/2015/10/the_doxing_tr...
I think Schneier is arguing that if companies were liable for their disregard of even minimal security standards, they might pay you more to help finding vulnerabilities.
It might be a multi-million dollar business, but it's not like these hacks can actually cost them millions of dollars. Verizon has had employees giving out personal details to people on the phone for years, and they're still happy to do it even for the director of the CIA: https://www.schneier.com/blog/archives/2015/10/the_doxing_tr...