I doubt you have been hacked. They will be SPAM accounts created in the same way a real member would.
Please see the following links
Have a look at See How to clean up a board hit by spam
for some suggestions.
How to configure Q&A
- Administration Control Panel (ACP) > Spambot countermeasures> Installed plugins > click the dropdown box and select Q&A (it will be greyed out)
- Click the configure button then click add
- Add your question and answer (you need a Q&A for each language you have installed) click submit
- Click "back to previous page" then click "back"
- Select Q&A from the dropdown box (again)
- Click submit at the bottom of the page.
Please visit Preventing Spam in phpBB3
for various options for fighting spam in phpBB
If your board really has been hacked, please do the following before
making any modifications to your board (this includes changing passwords, editing files, running the Support Toolkit, etc.):
- Save an archive file comprising copies of all the files (this can be done by creating a zip or tarball of the files).
- Save a copy of the database.
- Save the server access logs for the time of the hack (they may be available in the ???logs??? directory on the server, in your host???s control panel or only by request directly from your host).
- File a report in the incident tracker. Attach the items from steps 1-3 when you file the report or upload them to a secure location for the incident investigation team to download. Please do not start a new topic on the board, the proper place for incidents reports is the tracker.