Problem/Bug Guy with Client bypassed our Whitelist

Hey, this time i have a really important problem/question.

I am a Dev from a "big" Twitch Streamer, and one of his viewers used a hack client to join, and grief the whole hub, it was backed up, so we were able to reset it to 1 day before. It seems that with the client he changed his uuid/or other data to one from the whitelisted Players to be able to join. is it possible to fix this if i use the PlayerJoinEvent, and Just let Players in, that are in any Group from PermissionsEx? or can players bypass this too?

answer would be great!

 

@VNGC
Unless you are on offline mode/ used cracked clients, the minecraft authentication services should prevent hacks like this from occurring (the player shouldn't have been able to change their UUID, and the UUID would have to match their username)

If you are in online mode, the thing I would recommend is installing an anticheat plugin to prevent hackers like this from being able to do that much damage to the server.

 

We are using a BungeeCord network and have 5 separate servers, one of them is the lobby. because of this all servers are in offline mode, but i tought the Bungee would handle the authentication.