Hey there.
Did you figure out how they did it yet?
Rogue plugin? Something in a theme? Dodgy past admin?
If you haven’t then maybe you’ll want to start there otherwise you could waste time fixing up the DB only to find they’ve done it again.
Checking plugins and themes are updated, no extra files, no extra code in files is a place to start. Sucrui could also help:
https://sucuri.net/
As for restoring, you don’t have a backup do you?
That would be the quickest. Else your issue is knowing which UIDs are genuine and which are fake. If they’re all admin you could run a query to remove them but just be sure to make an exception for your UID and any other genuine ones.
There is also a plugin that might help there:
http://wordpress.org/plugins/bulk-delete/
Looks like a premium add-on in order to bulk delete members though.
Hopefully this will be of some use.
Take care.
No idea how it was done as I cannot check logs with the host.
It seems like only the user ids were increased but no actual users created apart from one admin user with a blank login.
I’ve tried to secure wp-admin using WP-security but it messes up all the logins on the main site.
I have a backup but this will miss some customers who have ordered things since.
How can I reset the userids but also have the new orders/customers linked to relevant posts from woocommerce?