Analysts believe the exploit may have been perpetrated by a “rogue developer.”