Hi guys,
based on an access log one user showed me, this looks like the hacker was able to go straight in, bypassing the login page, authorization page etc. This is theoretically possible if someone stole the cookie from your PC/smartphone or was able to guess your password and re-create the cookie. For now, just log out of the template and do not use the “remember me” function.