I've been trying for months to get contact information for members of a particular website. Today, I somewhat found a way in. I found out that if I create an account and during the registration process, alter the URL, I can assign myself as the primary contact of that company. To confirm that it was legit, I did it a couple more times. Now, my (fake) email address and (fake) name are associated with this company. However, this still did not reveal the email address. So, I continued at it. Finally, I was able to alter the URL so that it would not only assign me to a company but allow me to view their employee list (and email addresses). Having said that, I could (in theory) assign myself to all records, grab the email addresses and run. That would be a huge mess for the system and I do not want that for the. So, is it OK (legally) for me to tell them that in exchange for their membership list that I will reveal the flaw? Thoughts? What would you do?