Wait, she looked at the cached version of the site and found the IP address? My stars! What a hacker! (not even nslookup?) They left a database backup in a publically-accessible web folder with directory listings turned on?! That's shocking. And that's not "hacking." Finding that file wouldn't take very long or very much diligence, and zero illegal access or any sketchy scripts or even much poking-around. I'm not sure this proves anything except that the political party in question absolutely deserved to be called out for their laughably unprofessional practices -- particularly if there was donor information stored there. It would have been polite to give the devs a day or two's head's up (that's what I would have - have - done) but I certainly wouldn't call a screenshot of shitty security "bullying." Who knows whose script kiddize's robot found that file before she did and used it maliciously? People need to know that shit.