I recently noticed that new users were added to my wordpress sites (yes multiple sites) without my doing. They were also given administrator access and the email address for all the users is firstname.lastname@example.org. Unless I didn't notice before, but does wordpress create these admin accounts by default? I wouldn't think so? All my sites were on the same hosting service.
Has anyone else experienced this? I deleted these accounts, then on one site the account reappeared again the next day. I called my hosting provider and they said my site looked fine. I plugged in my URL to other sites to see if I've been hacked and they all said my sites were fine.
I've never seen these admin accounts from WordPress before, but if anyone else has experienced anything like this, I'd love to hear any feedback.
Thanks in advance.