[RKDinOKC]

Found out what was going on with our users accounts getting hacked!
All of the users that are getting hacked have Microsoft Dynamics CRM.
You log in a do things via the web.
If you use the same browser window to access other web sites hackers can get your credentials from the broswer cache thru a malicious web site or even an ad on a web site. (make sure you logout and close your browser window after any on-line banking!)

Log out and close the browser window!!!

Also they (VPs) would not let me turn on Multi-Factor Authentication until this week. And are still only requiring it for "high risk" employees.