Also a lot of 502's today? 
Here is what's going on. Theymos posted about it today.
I think that someone is trying to brute-force passwords. Bad login attempts were handled very badly/slowly. I fixed the performance issues there, though the brute-forcing is presumably still going on. I don't have time look into it. A single IP can attempt logging in no more often than once per 45 seconds, though, so it shouldn't be too easy to brute-force passwords.