On Wed, Dec 16, 2015 at 6:19 PM, Kevin Grittner <kgrittn@gmail.com> wrote:
On Wed, Dec 16, 2015 at 11:16 AM, Dave Page <dpage@pgadmin.org> wrote:
> I've blocked those two users, and it looks like Alvarro has done > a few more.
There seem to be a lot of user IDs involved. Do we know whether there are new user registrations happening, or were all these set up before the attack?
There are new user registrations happening. Not sure if those are the ones used, but there definitely are.
Either they've found a way to script-generate gmail addresses, or they have found a way to break the django hashes.