The standard email alert that tells you about a User being locked out that usually reads, "Someone at this IP tried logging in with username 'admin'"
(or some other WAG they tried using - LOL)
But even after creating a new administrative user, deleting the original admin user profile, so my main user profile wouldn't show as 'author' of any of the posts, this a.m. the locked out warning email still showed them trying the new admin name which isn't easily guessed by trying combinations of website name/etc.
At a loss as to how they could discover the user name I picked given the settings I have and wondered if I'm missing something.