Mojo Marketplace deleted a client site?

I’m scratching my head on this.

Yesterday I did some super basic work for a guy In Arizona, not even related to WP really, I added one line to robots.txt to reference the sitemap_index.xml and uploaded the Google verification file. The next day (today) his /public_html directory is completely empty?!?!?!?!

He says he had Mojo Marketplace do the WP install, and that he used a credit card for the purchase.. THEN he finds his credit card company froze his card due to “unusual activity”

Now I’m assuming the frozen CC prevented Mojo Marketplace from getting paid and they installed some hook via file MMProbe-XXXX.php to wipe his public_html directory.. I saw that file name in FTP logs, uploaded 2 days prior, I replaced a 4 digit hex value with XXXX.

Do other users of Mojo Marketplace customers also have a
MMProbe-XXXX.php file? I’m very curious what’s in that file, and is it indeed part of Mojo Marketplace’s standard procedure?

Could that be it? either that, or his FTP account is hacked, or there is a pretty major security hole somewhere.

The big problem, the web host told this client, I must of deleted his site. Thankfully FTP logs prove otherwise, but clearly, as a freelance web developer, this is not good for business. :/