A tale as old as time. And hard to defend against. Did the sellers know their plugins were going to be abused? Is there some kind of seller liability in cases like this?

I think a big proportion of them wouldn't 'know'. At least in my experience considering selling out the partners or buyers will try to keep a good image. But there are smells. Maybe the partner has their HQ in place that is a hotspot for intelligence/security industry or the deal is at such a price that it would only make sense if the asset as purchased for nefarious purposes.