You are 100% correct. There are many additional pieces of evidence they could have. For example, they could have done things like fingerprint scans of “scorecard.indivisible.org” and found more information. If the server at that address was available and a web server they could have done an application scan, if it was utilizing poor transport layer security (vulnerable TLS/SSL) they could have man-in-the-middled an existing session and collected data. They could have used some of those exposed credentials to login and take screen shots. This is all hyperbole and conjecture but it could absolutely still be sealed as evidence. We just don’t know. What I can say is this data and testifying as an expert witness has won court cases. So chin up, we’ve got good things going to expose this fraud :)
You are 100% correct. There are many additional pieces of evidence they could have. For example, they could have done things like fingerprint scans of “scorecard.indivisible.org” and found more information. If the server at that address was available and a web server they could have done an application scan, if it was utilizing poor transport layer security (vulnerable TLS/SSL) they could have man-in-the-middled an existing session and collected data. They could have used some of those exposed credentials to login and take screen shots. This is all hyperbole and conjecture but it could absolutely still be sealed as evidence. We just don’t know. What I can say is this data and testifying as an expert witness has won court cases. So chin up, we’ve got good things going to expose this fraud :)