I said and meant “demand” very specifically. If I find a vulnerability of a vendor via any means (including research) and demand that the vendor pay me to withhold or defer publication of my finding, that accurately fits the definition of blackmail. By demanding payment (“or else!”) I am threatening injury (giving information to hackers or just hurting the vendor’s reputation) to the vendor in exchange for financial (or other) gain.
(This does not apply if the vendor already has a policy of paying for vulnerability discovery and private disclosure.)
The crime involving a threat for purposes of compelling a person to do an act against his or her will, or for purposes of taking the person’s money or property.
The term blackmail originally denoted a payment made by English persons residing along the border of Scotland to influential Scottish chieftains in exchange for protection from thieves and marauders.
In blackmail the threat might consist of physical injury to the threatened person or to someone loved by that person, or injury to a person’s reputation. In some cases the victim is told that an illegal act he or she had previously committed will be exposed if the victim fails to comply with the demand.
Although blackmail is generally synonymous with Extortion, some states distinguish the offenses by requiring that the former be in writing.
Blackmail is punishable by a fine, imprisonment, or both.
NB: It doesn’t matter how the threatening information is obtained (or what the information is); it is the act of using it as a threat to demand hush-money that makes it “blackmail”. If I see you fooling around in public with a woman who isn’t your wife, and threaten to tell your wife unless you pay me $1000, that is the same as discovering a security vulnerability and threatening to take it to the press unless you pay me $1000.
The only ethical choice is to disclose the vulnerability with no requirement for a reward (unless the reward is generally offered by the vendor with no coercion), but it is also considered ethical to freely give the vendor reasonable, unbiased and firm advance notice.