My site was affected by the recent malware incident.
While sorting that out I removed superadmin privileges until these accounts had passwords confirmed reset. During that, I notice that the count of superadmins displayed above the user list is 5, although only 1 superadmin account is listed.
I am concerned this could mean that rogue accounts have been created and are being hidden in some way. Can anyone point me to a process for dealing this situation? I have a reasonable idea how the database tables work, but no idea how accounts can be hidden, or what to do about that.