Many large companies pay out rewards for reporting website vulnerabilities. I've discovered a way to defeat the subscription paywall on all the major news media websites - ny times, la times, wapo, etc... While not necessarily a 'security' vulnerability, it is a website bug, and it's costing them revenue. None of them have a published policy that I know of, but I feel like this falls into the category of "reward worthy".
Does anyone have experience with these types of programs? Any tips on how to go about contacting a company about the issue without feeling/sounding like some kind of racketeer? Is this an 'unethical' way to make money?