When the Moodle was first installed, user ID 0 was set up for 'guest' user and was a manual account automatically setup. It should remain manual and the password should not be changed ... even if you do not allow guest access to the Moodle.
Your log reference that shows user ID 0 (guest with no password) changed a password indicates to me some admin level user has been playing around with users.
User ID 1 was the person who installed (assuming it was installed by a human). Default username for the account was admin. That account should remain manual. It was also set as the 'primary' admin Moodle user.
Some installers (human or script) change the default 'admin' username to something other ... many not really understanding it's purpose actually change the admin user name to what they want as a username ... like Bob Jones Installed it ... bjones.
Check the permissions/abilities on all roles. Yes, that's a lot. But if they got in and changed passwords they could have easily messed with roles.
While it might break things, you might have to reset roles to their defaults and work on whatever tweaks you might have done there again.
'spirit of sharing', Ken