Osint

Hi. So, recently I applied for a new grad job at a company. I wont disclose the company for obvious reasons. So I was also learning about OSINT and pentesting while doing so and I thought that it would be a good idea to, as part of my application, find a little vulnerability. I found a user enumeration vuln in their wordpress website (the classical /wp-json/wp/v2/users). And might gone a little too far with the OSINT part because I ended up giving too much information about one of the users (AKA, filtered passwords from a leaked database). I documented what I did and sended an email, but really I feel like I did it really impulsivley. I don't know what to do, I sended the email yesterday (Sunday) and they still haven't answered. I'm really anxious that I will get in trouble and I don't know what to do, any advice????