Just as the title says, we have a website that uses third party smtp credentials to send emails, but, we keep getting our smtp credentials hacked and used to send spams emails, which results in our smtp account suspension, we first used ses, and then figured that we need to add spf,dkim and dmarc, after we added them, we moved to sendgrid, got hacked again, teammates think it is because of weak password to access sendgrid, but i do not think so, because password test says it is strong and requires 2 thousand years to crack, we do not really know the problem, we are using laravel 7 for our website, how is the hacker able to access .env file ?
Help, please.