License Keys deleted without our knowledgeAnswered

License Keys have been deleted without our knowledge.  We are not deleting them from the web site nor are we calling the LimeLM API to delete them either.  Since noticing this we have changed our password and added two factor auth.  Having said that, only a couple of people have ever had access to the original password and no one within our company would have been so reckless to have deleted keys we are using in production.  

My question is:  

Is it possible that something else (aside from our account password being hacked) might be the cause of this?  FYI, we are nearing our license key limit (2,596 of the 3000 max) for the PLUS account plan we are on - is it possible that keys are automatically purged when you hit this limit?  My understanding was that when any of the account plan limits are reached the account will be automatically bumped up to the next payment tier (as this happened to us before).  

Can someone clarify what might be happening here?  If not we can let you know the Keys that were deleted if you are able to track that in some way, perhaps via your server logs?

Answer

Nope, only people with access to your account (either through username / password and/or the API key) can delete keys.

Change your usernames / passwords, enable 2FA on all accounts. Don't allow password sharing between users (create new users with strict permissions), and only allow privileged users to have access to the web API key.

Okay thanks for the prompt reply.  We have already implemented a new password and two factor auth, moving forward we will only allow a single user (myself) to have access. 

, edited