Spam emails sent from clients account

Help, I need someones assistance to figure out what is going on. A client of mine informed me a short time ago that 1000 emails were sent via their account overnight. I changed their password via DirectAdmin. It seems that somehow the password reverted back to the old password and the emails have started again. How is this possible?

Someone has access to his account perhaps? Not the user account, but the client’s account … or to your account. Is this an account on a reseller plan, or a client on a non-reseller plan?

Was that the one on London? Quite the spree. I’d say change all passwords leading up to it. DirectAdmin, portal, etc.