Congrats for discovering this smart hack, although you should seriously take a course in negotiation :D. Considering the severity of this bug, the 15k they paid you should have been more around 150k or maybe even much more. Next time, contact some kind of lawyer or whoever is responsible for helping you to squeeze out a higher payment. Especially when you are really sure that
you did not do anything against the law, because you just hacked your own account, if that is really true, you would have a really strong standpoint in a negotiation. Also, while it would of course not be morally ok to hack users or steal their money and data, in my opinion, it is totally ok to try to get as much money paid for these bugs as possible, even if you consider yourself a whitehat hacker. This is because companies like facebook have the duty to secure their user's data, especially sensitive data such as credit cards which their users well being may depend on. If they fail to do so, they should be punished hard.