I'm not generally a fan of Verizon as a corporation, but they deserve kudos for fixing the issue quickly and rewarding the OP for reporting it! This should be the norm. Too many nightmare stories of companies prosecuting users who find and report vulnerabilities.
I don't think that having two days between the contact and the fix is acceptable for something as crucial as reading anyone's e-mail. I wish they had locked down access while investigating the bug once they confirmed it (which should have taken minutes). Leaving such access open for any time after knowing about it is grossly irresponsible in my eyes.
When I stumbled across a Verizon Wireless security problem last year, their security team was the silver lining in what was otherwise a terrible experience.
(I was a bit disappointed that it took so long to find that team -- only found them through unrelated news stories asking the public to report any signs of infrastructure sabotage during a labor negotiation breakdown.)
They ultimately weren't able to help me, and I had to resort to other more drastic means to reach the right people.
It's really difficult and nerve-racking to have to deal with this type of run-around under the threat of possible prosecution.
