You can say that, but he was going to get $0 if he already didn't have internal connections to google.
If these companies try to cheap people out of what bounties they offer, then they need reminded that they're not the only game in town that'll pay for exploits.
This is the correct takeaway. It's damaging to their reputation to not admit the error and cheap out like this. I would hope they at least split the bounty between the two researchers, the one who initially raised it (but didn't complete their report?) and this one that had a fully documented chain.
Instead, you should sell the exploit on the exploit dealers sites. This is easily worth $300-500k
But not now. And you have the 'privilege' of being dicked around with people googling you.