Board Thread:Support Requests - Community Management/@comment-5200993-20140218204704/@comment-1038387-20140218223420

Could be the Facebook type of "someone hacked my account", namely, "I used a shared pc and forgot to log out". Even that should be taken with a grain of salt.

That's why I think the OP should at least check the compromised accounts, why it's them and not others. Do they use school or library pcs? Are they from the same general area? How long does it take for a new password to be "hacked"? What kind of vandalism is it - is it the usual obscene stuff, is it simply not following certain policies, or can you detect a certain animosity towards users on the wiki? Does he have knowledge of the wiki? Has there been any conflict on the wiki, or have the afflicted users been involved in conflicts on other wikis?

While finding the culprit - if there is any - may seem important, it's not the top priority. Okay, you've narrowed down the IPs he uses! Let's block him and go on as if nothing happened... nope. If the culprit uses malware it's still on the pc(s). The block is fairly easy to evade by switching IPs, or using proxies. You have to run an antivirus program just to be sure. Even the standard and free ones should be able to find it, if it's there.