i’m convinced that this issue must be part of a intense investigation. seems this developer has been involved in a lot of projects and it’s a question if he was part of the attack or if he had been also a victim of this attack. sad but this seems not to be a security issue through an programming mistake but a offensive attack of someone who wanted to gain access in a criminal intension and from what i can understand this backdoor had been active for longer now.