1) Tad Devine lied when he said that the Clinton campaign accessed Sanders data in October. (See above screenshot.)
2) The four accounts of the Sanders campaign’s National Data Director Josh Uretsky and Deputy Data Director Russell Drapkin are the only ones from any campaign that took advantage of the vulnerability to copy and save date from another campaign:
The database logs created by NGP VAN show that four accounts associated with the Sanders team took advantage of the Wednesday morning breach. Staffers conducted searches that would be especially advantageous to the campaign, including lists of its likeliest supporters in 10 early voting states, including Iowa and New Hampshire. Campaigns rent access to a master file of DNC voter information from the party, and update the files with their own data culled from field work and other investments.
After one Sanders account gained access to the Clinton data, the audits show, that user began sharing permissions with other Sanders users. The staffers who secured access to the Clinton data included Uretsky and his deputy, Russell Drapkin. The two other usernames that viewed Clinton information were “talani" and "csmith_bernie," created by Uretsky's account after the breach began.
The logs show that the Vermont senator’s team created at least 24 lists during the 40-minute breach, which started at 10:40 a.m., and saved those lists to their personal folders. The Sanders searches included New Hampshire lists related to likely voters, "HFA Turnout 60-100" and "HFA Support 50-100," that were conducted and saved by Uretsky. Drapkin's account searched for and saved lists including less likely Clinton voters, "HFA Support <30" in Iowa, and "HFA Turnout 30-70"' in New Hampshire.
3) The 24-plus lists created by Uretsky and Drapkin were not the sort of things people testing for bugs would put together as part of a bug hunt. They are, however, the sort of things people looking to commit political espionage would create:
4) The DNC's data vendor, NGP VAN, was the entity that found out about the breach — not the Sanders campaign.