My thoughts on the matter may have evolved over time while interacting with other people in the thread. While I do still believe it could have been an attempt at blackmail, I think it most likely was not, even though the researcher clearly must have downloaded the entire database ahead of time based on the chronology presented. In that case, I can see how I have apparently contradicted myself. But I can assure you, I am not acting in bad faith.
I never thought you were acting in bad faith. My assumption was that you were gaslit like every other non-security person has been, where you were willing to shoot the messenger (the researcher) instead of the person creating the problem (the CEO). My problem wasn't that you were lied to, my only problem was that you were repeating a common lie that I think needs to die.
People operating in bad faith give up or hide when they notice their position is weakening, people working in good faith respond, and acknowledge the weaknesses in their ideas. Like you are doing.
