• Resolved justin-bigscoots

    (@justin-bigscoots)


    Hello,

    We are seeing MANY sites being taken down and all are running ad-inserter-pro.

    The wp-config.php is being removed from all sites. Unable to track down any suspicious POST requests, etc., yet, but all sites again are running ad-inserter-pro.

Viewing 9 replies - 16 through 24 (of 24 total)
  • Thanks for the update. At least I know what it was, so I am not ripping my hair out today. Was it just the files, or did this leave traces behind in the DB? I have scanned and verified all files. All is clean, but the DB is another issue altogether.

    Plugin Author Spacetime

    (@spacetime)

    It seems the DB was not affected, at least nobody reported any such issue.

    Since wp-config.php was clearly accessible and presumably compromised, I assume it would be prudent to reset the database user and password?

    Any other security implications?

    Plugin Author Spacetime

    (@spacetime)

    Yes, this is a good idea.
    No other implications are known at this time.

    Is it worth sending a ticket on the main site with our license key to see if any additional info can be provided not in public for users that can create their own server-side firewall rules, WAF rules, etc.?

    Also, I have gone through my DB after doing a dump, and I cannot see the typical things you look for straight away in a hack, so fingers crossed.

    Plugin Author Spacetime

    (@spacetime)

    Still putting the picture together.
    The databases don’t seem to be affected.
    We are also keeping fingers crossed.

    @spacetime Everything on my site has been stable since 2.7.16. I appreciate the quick response by you and your team.

    But now that the dust is presumably settling, are you able to offer an explanation for what happened? Was it an active hack being exploited? A bug or conflict? Something specific to particular host configurations? And why was it triggered at a specific time? Any time multiple websites are getting completely knocked offline and crucial files deleted is a rather big deal, after all.

    As a long-time user of AIP, I for one would appreciate more information on what went wrong and what measures are in place to prevent it from happening again. If not here, then perhaps through your email list? For those of us for whom any downtime means lost revenue and recovery costs, it would be reassuring to know that the problem is definitively solved.

    Plugin Author Spacetime

    (@spacetime)

    @pxlar8 thanks for the feedback, the issue is now resolved.

    In this case the update process was compromised.
    Protective measures were applied to the server side and to the plugin.
    I can’t provide any details here but the problem is now solved.
    The plugin is also used on our sites and we implemented additional monitoring to detect and prevent similar issues.

    I would like to thank everybody for their patience and understanding.
    It was a hard time for us too.

    Plugin Author Spacetime

    (@spacetime)

    As a precaution, because of the issues with corrupted or missing files, I would suggest restoring all the files from the backup and then updating all plugins and themes. It seems the database was not affected.

  • The topic ‘Possibly security issue’ is closed to new replies.