We have seen a few issues with old accounts being used.
Some account were comprimised ages ago with a U.S IP and posted spam in a section that is rarely used, then today a russian IP logged in and followed the posts using the same account that posted the spam in the first place. Very odd why they did this.
We will do the following
Stronger password requirement configured
Force password reset on accounts older than 6 months of last login.
2 Factor question on all accounts
2 factor using either sms or Authenticator for mods and admins
Turn on email notifications for logins from a different computer / phone
CleanTalk (already set up and works a charm)