Out of the blue I got an email today to say that there is a bug in our web site and that the sender can access our database. They attached screenshots where they can indeed access our database. They want me to contact them for advice on how to fix it. What do I do??? Where could the breach be???