I’m glad they did closed it. Some just don’t bother. A particularly outrageous case from my practice: I’ve found an online store whose database backups were publicly available, complete with customer names, shipping adresses and order information. They closed it eventually, but I never even received a reply to my messages.
Sadly I get the same thing probably 50-60% of the time. Zero acknowledge and it remains open, or zero acknowledgement and it just silently gets fixed (which is fine, at least they fixed it).
I just hope they paid you after all :)
(Yes, this might sound weak, but it’s also a very important aspect of security research and disclosure etiquette)
They didn’t. I didn’t ask and they didn’t offer. The only thing that was exchanged here was emails back and forth. :)