I don't think DealerBuilt was targeted in this at all. This appears to just be negligence on the backup and transfer of the data. Regardless of who found the it, we should be glad it was exposed and is now fixed. People look for vulnerabilities like this all the time.