Thanks.

For severe incidents like this, please post the most appropriate link, in this case github.com/umami-software/umami/issues/3852

Admins in self hosted usually don’t have that much experience with real, active compromise and may panic, let’s help them as much as possible.

What was the vector? Did you have umami exposed publicly?