It looks as if they are creating the user with admin rights through the wp-user table and wp-usermeta table. As the id is something like 10101 instead of 1,2,3,4 etc.
The user name is " " and they are admin. Not much else except a password.
I tried to create a user through the dashboard like that and it doesn't like spaces for the user name even in " ".
Can I lock this table from being edited except by me?