We have a mysql v5.7 instance. Which got compromised (Ransomware), Attacker delete databases and left one saying where to send money.
Anyway, The logins we found were using admin or root which were having default setting.
We deleted root and admin, including all older users, and created new users with different names. When I list users from GCP Console I seen only newly created users, while listing users through mysql shell I see an addition user (system user): root@localhost.
All GCP created users are regular user. So deleting or changing root@localhost fails.
Is it secure? Is there a way to change or remove it? Does GCP Console provide a way to create "system user"?
I have another instance which does not have root user!