site was hacked? site-bundle.js? changes in GIT history I didnt make? Help!

[shellyky]

Customer notified us that our site may be hacked. Sure enough I went to it and noticed it basically redirected me to a full page "your version of chrome needs updating" which looked super fake, and then Norton caught a download saying Chrome_67.9.17.js will harm your computer, do you want it keep it anyways.

So i login to the admin panel and in the GIT HISTORY it shows that one of my users which has never even logged in before, has sent an upload: site-bundle.js last week, along with some other big list of files

How do I go about doing anything about this? I'm not used to squarespace. In the old days I'd just login to my FTP and start navigating to the files in question. But I have no clue with this stuff.

I put in a support ticket but im afraid they aren't going to offer much help.

[MaxZ26]

@shellyky Get into your site's Settings -> Advanced -> Developer Mode, and enable it. Then you'll get the access info to get into your site's FTP and find out what's going on without waiting for SqSp support.

[gusheva]

Same thing happened here. Did you manage to solve the issue or get help from the support team?