Yesterday someone tried to get into a clients Wordpress install using my username, Better WP Security blocked them but they somehow had my username which I NEVER give to anyone. This particular one was 12 characters long with numerals, capital letters and lowercase letters. They got the info correct, but the last two letters were lowercase instead of uppercase.
The IP said they were in South Korea. Any idea how this could happen?