About 8 years ago someone had installed a password logger on Sourceforge's ssh server. It stole my password when I ssh'd back to my work computer. About a month or so later the hacker released all the stolen accounts and passwords on a hacker site. That day four different people tried to log into my computer. I say tried because two failed, but two succeeded. The second guy in noticed the first guy already there, so he killed his rival's session and quickly changed my password, which is why the last two couldn't log in. More evidence that there's no honor among thieves. The guy next tried to run a few root exploits, but they failed - I kept my Linux box up to date. Eventually he quit. He left behind no damage other than a few exploit files and a changed password.
My first inkling that something was wrong was when my user login password didn't work. I figured it was a corrupted file, so I just worked around it, logged in as root and gave myself a new password.
About 15 minutes later I read that day's Slashdot, and I read about the Sourceforge hack, and put two and two together. So I went back through my system logs and the ipaudit logs that I had. Then I had a good laugh over the story they told.