We installed the necessary patches on 9.5.4 last night, and this morning STILL saw some logins to accounts. Need to know the following: 1. How did they get the usernames to begin with? 2. Do they have the passwords now? 3. How are they still doing this? The log is not showing much that they did when logging in or even if they got in at all using the API (the one in logs under admin) Need more information about this..