Fortunately our security systems alerted us and we were able to close the sites down quickly before any damage was done. We've since updated the plugins for our customers and cleaned up their sites.
We can't stress hard enough how important it is that everyone keeps their site software up to date. There is no excuse for not doing so. And with WordPress 5.5 you can even set things up so that all themes and plugins get updated automatically as updates become available. See the following link for more details:
https://make.wordpress.org/core/2020/07/15/controlling-plugin-and-theme-auto-updates-ui-in-wordpress-5-5/
We also recommend customers use some sort of security plugin to help protect their sites and to alert them when their plugins are out of date. When we set up sites for customers we install WordFence and iThemes security for them. These can then be customised by the user to give them the level of security they want, and allow them to get alerts. (The above two sites did not appear to have any security plugins installed.)
Please check your site now and get everything up to date, and if necessary install some security plugins. Next time it could be you!
If you have any questions on the above, or need advice about your site's security, please email [email protected] and we'll try to help.