I've installed Magento 2 latest version last week on my server. It's a multistore site:
varietystore.ie and varietystore.es
On Monday morning on Google Analytics, I've seen multiple activities coming from China on varietystore.ie. Strange because there were/is nothing on the site and the store was in demo mode. It called my attention because they were particularly interested in these pages: https://varietystore.ie/privacy-policy-cookie-restriction-mode/
Same day afternoon I wanted to keep working on the site, Configurations, settings, etc, (you know) and learn in the process how to build extensions and how they work. I'm new to Magento but I have experience working with Zend (now Laminas).
I went through Magento's and system logfiles and I found nothing strange.
Since I don't have any "very" sensitive information on that site I wonder maybe somebody wants to take a look at this. I can send a compressed version of what I have on my server, database, logfiles, whatever is necessary to find out how this happened.
Security recommendations that I've ignored:
Not having ReCaptcha enabled on forgot password from
Incorrect write permissions for app/etc
Two-factor authentication not enabled
are there others?
I'm saying "maybe" in the title because I wasn't able to find anything strange on the server nor a bug and maybe the site was not hacked but I'm sure I left the site working last Friday.