For my company we maintain around 50 WordPress websites. Recent something strange has happened.
Almost every website had a new user with the username 'admin' with Adminstrator role, emailadress 'admin@localhost' and registration date '2010-03-01 11:06:24'. The password is a MD5 hash (no salt, like a normal WordPress password), example: 1c1df24bdf22b10fce4b2a5003bdbdfa
It seems it was something automated. Even a website protected with a .htpasswd had this 'admin' user.
Our webhoster says their system is not hacked. The plugins and themes that we use are from the official WordPress website.
Does anyone have an idea how did happened?