Isn't that company on a Bug Bounty?
Is there a security part in its website to communicate with them using their PGP key?
If so, be careful about what you are doing. Some companies are prone to prosecute you based of this kind of behavior (and the Internet is not going to help on that).
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Isn't that company on a Bug Bounty?
Is there a security part in its website to communicate with them using their PGP key?
If so, be careful about what you are doing. Some companies are prone to prosecute you based of this kind of behavior (and the Internet is not going to help on that).