Ahh, I see the message now. But he also says:
This could mean a lot of things, but I personally would only say that if I could verify from the logs that the login requests all used the same dummy password (only intending to trigger the login counter), and didn’t try to cover a range of passwords.
Regardless, changing your password is hardly ever a bad idea.
I wouldn’t be surprised if it was an ex-Doper. Slightly different situation, but an ex-coworker of mine launched a DDoS attack against the company that fired him (not who I work for). That little stunt earned him a felony.