Automatic Discount added somehow

-- url of the page with the problem -- : n/a
-- HikaShop version -- : 4.0.2 -> 4.1.0
-- Joomla version -- : 3.9.6
-- PHP version -- : 7.1.x
-- Browser(s) name and version -- : various
-- Error-message(debug-mod must be tuned on) -- : na

We have a site where only 2 of us have admin access and we rarely access the admin (because the site just has worked fine almost on auto-pilot - other than regular updates).

We were running on 4.0.2 and about 5 weeks ago somehow a 15% discount was added that gets applied to all orders.

The problem is that neither of us that have admin access created that discount - nor know who might have done that.

Was there any know security issue in 4.02 (or previous) that would have allowed that type of access somehow?

I looked at the coupon/discount table and there isn't any way to tell who/when that discount was created (not even a created date or created by field). It would sure be helpful to be able to see by who and when discounts/coupons were created (and last modified).

We've since unpublished that discount and have been tightening the security across the entire site (new passwords, and other site hardening).

Any thoughts/tips appreciated.

Yes, it is VERY strange, and with only 2 people using the admin you would think that one of us would remember this - but we don't.
Thanks for mentioning the system logs - just didn't think of that, and that should help with this case because only 2 admin users and we don't regularly log-in.
However, I work with another web site where there are over a dozen staff members with admin access and all are logging in every day so IF this were to happen on that site the system logs probably wouldn't help, so adding date and ID for create and modify to that table would be very helpful to prevent issues like this on that or other similar sites.
Thanks.

FYI .. I did check the User Action Logs and there was nobody that logged in between 2019-06-05 and 2019-06-24.
The first order that received the automatic discount was on 2019-06-14.
The discount was configured to apply to ALL orders (and all orders from 2019-06-14 and after (until we disabled it) got the automatic 15%. There were no other types of restrictions on the discount to limit it to certain users/orders.
However, there were a number of orders between 2019-06-05 and 2019-06-14 and they did not get the automatic discount.

So the discount must have been added some how by code (or some other means that doesn't get logged in the user action logs).

Just very strange.

Nope. No start/end dates were entered, and no other 'restrictions'.
Just very strange.

The only couple things that I've noticed ...

We are running the nightly cron job for hikashop for updates - maybe that somehow got hacked (but again can't imagine why that would happen).

We have been getting a LOT of bot hits against this site (mainly 404 Shield notices from Akeeba Admin Tools). This site has historically gotten a lot of bot traffic.

The site has been scanned by MyJoomla and appears to be fine (re:security)

This is just a VERY weird. Not sure if we can ever figure this out without having that created by/date data within the discounts table. So hopefully that feature could be added in the future to be able to address this type of issue (and just provide general historical info on that data file).