So this is really strange and I don't know what to think (hopefully this is the right forum). I run a site (concertconfessions.com) which features multiple users. While I accept the fact I get dozens of fake/spam accounts that sign up/deleted daily what I saw tonight has me rather alarmed.
Two users (one a frequent user, one has only posted once in our three year history) had their accounts compromised within the last two hours. Each had a "spam" post that was listed as pending (keep in mind both users have access to publish pieces that show up on the site while new user accounts need approval to publish to the site). I trust the frequent user not to spam, and the one time user happens to be my wife who has been with me all day.
I have of course gone ahead and changed the passwords to both accounts but this has me freaked out. Perhaps there is a major security glitch in 3.41? I have never seen anything like this in my 3.5 years of using WordPress.
If this information helps, but accounts were associated to gmail. Has anyone else seen this problem tonight/ever?