Warning for qq.com users: btc-e dev notified me about massive bruteforce attempts against accounts with *@qq.com emails specified. Some of them was successful.
I really wonder how brute force attacks on a website can actually work nowadays... if you have the parts of the data base with the hashes passwords and you try offline, sure. But actually brute forcing using the website's own login mechanism? That should be too easily prevented by allowing only so-and-so many attempts before adding captchas, delays, blocking IPs etc. Or was that using a distributed botnet attack from many IPs?