The clandestine ownerof the existing session-the hacker-can, at this point, record and exploit data that is transferred between the new user and the server as long as the session remains active.
For example, when a Task is in an Opened state, the default Developer Lead is the ownerof the Task, and the record is mastered at the Dev Lead's database replica site.
Owner maps to the resource that has been assigned through the evaluation process (this is entirely dependent on your change control processes) as the ownerof the record.