Group/repository creation hack?

I just noticed a couple of new groups on our instance and a new project which should not have been there as regular members do not have project/group creation rights. I was running 17.0.1 until recently and just upgraded to the latest 10.8.4.

One of the groups has a repo in it with a script file.

A quick search for the user name (Jon Harington) of the repo owner brings up quite a few similar accounts on Google with different contents:"jon+harington"+gitlab&hl=en&source=lnms&sa=X&ved=0ahUKEwiSypP3gs_bAhVHhqYKHcGXAhAQ_AUICSgA&biw=1298&bih=1068&dpr=2


Update: I’ve removed the account but it would be interesting to know how this happened and what it was being used for. Anyone else here see this on their servers?