Originally Posted by Mike L
Can't help much with the breach, but would suggest locking out ALL IP addresses from China.

I've been thinking about that for awhile. Every time I get some bogus user from China sign up, I check what range of IPs their provider is and put the entire range in my iptables on my server. By now I've probably got half the IPs in China blocked. Guess I need to just go get the rest of them in there as well.