I was brought on board to help recover a website, a Drupal 7 project, that was possibly exploited by hackers. What triggered the investigation? My client was informed that their customers were receiving spam emails from the website.
After a thorough review of the project's code base and database, I found multiple exploits and backdoors. All of the issues/exploits were within the Drupal core. None of the contrib or custom modules were exploited.
What was the cause? The website was compromised due to an outdated Drupal 7 core. With routine updates, this would not have happened. That is why it is important to keep up with website maintenance and security updates.