Board Thread:Support Requests - Community Management/@comment-5200993-20140218204704/@comment-303594-20140218205323

So, there's 4 possiblities:
 * 1) The passwords are very easy to guess.
 * 2) The attacker is finding the passwords out because you're using them on another site, and that site's password database is somehow being revealed to the attacker or the attacker is asking for passwords on chat and somehow convincing users to give them to them
 * 3) The attacker has installed malware (a virus) on user's computers
 * 4) People are lying, and using "being hacked" as an excuse to get out of trouble

In most cases, #4 is the most likely.