There is at least two topics I have seen where user report duplicate entry for admin1 which is presumably because they didn't follow directions and delete it previously. I would also guess that the hackers/exploiters are aware of that account.  

For a long term solution I suggested in the Ideas forum it be part of my "phpBB Safe mode" idea.

https://www.phpbb.com/community/viewtopic.php?f=436&t=2655673

Short term perhaps the password should be changed occasionally in canned message and retroactively change existing posts to something different than "admin".