The question is how did they access your server. By default Laravel is save, but with an unsafe server or packages you can create a problem that make your project open for hackers.
You can check your server logs to find more information.
(Ps. I deleted your duplicated post)
Sign in to participate in this thread!
We'd like to thank these amazing companies for supporting us