Yes. We had passwd & ssh key to acces the server.
What how is ssh related to having no database password?
Many people got hacked this way.
Source?
more coverage on the issue https://krebsonsecurity.com/2017/01/extortionists-wipe-thousands-of-databases-victims-who-pay-up-get-stiffed/