So what happened? Did many users use accounts with similar names on other services that turned out to be frauds or got hacked and then the passwords from there were used to login here? At least make the capcha go away after the first successful login.

Recently someone has taken to using 5000+ IPs to bypass rate-limits and try many passwords.