I just noticed a couple of new groups on our instance and a new project which should not have been there as regular members do not have project/group creation rights. I was running 17.0.1 until recently and just upgraded to the latest 10.8.4.
One of the groups has a repo in it with a script file.
A quick search for the user name (Jon Harington) of the repo owner brings up quite a few similar accounts on Google with different contents:
https://www.google.com/search?q="jon+harington"+gitlab&hl=en&source=lnms&sa=X&ved=0ahUKEwiSypP3gs_bAhVHhqYKHcGXAhAQ_AUICSgA&biw=1298&bih=1068&dpr=2
Thoughts?