Database logs indicate many if not all of the intrusions in our pool were clean logins.
I know that isn't what anyone wants to hear -> but that is what the logs are telling us.
Not brute force, Clean.
All of the passwords in our system are stored salted and hashed.
I think this community can understand what that means
For this reason, we intend to institute a pool wide password reset.
I intend to make whole the account affected out my own pocket, but I can't afford to do so again
I STRONGLY urge users to use a service such as http://passwordsgenerator.net/
to randomly generate strong passwords.
Further, it would be my recommendation that users use the 'anonymous' setting for their accounts to prevent scraping of usernames.
An update to the GUI the pool utilizes, requiring the use of your email address to login (as proposed in the repository) is also likely on the horizon for this same reason.
Deepest apologies and I appreciate the patience of everyone while we make this right