Email accounts can become compromised in many ways unless the proper security precautions are followed. When an email account is compromised its usually used by bot nets or hackers to send spam or virus emails to other email accounts.
There are many ways an email account can become compromised. But it usually happens from having a virus or malware on a computer or device that also is setup for email. Or it can happen from using easily guessed passwords or repeating the same email and password in many online accounts. Or from simply clicking a bad link or opening a bad file.
When an account is flagged for sending virus or spam the password is reset and the account is disabled. Sometimes this happens automatically by the email system security settings. Sometimes it happens manually because of our own monitoring work.
If this happens to an account the most important thing is to not use the same password again. The second step is to make sure the user has scanned their computer and devices for malware or compromised apps. You can re-enable the account as long as its not a password that they have already used.
Also make sure that all users are using secure email settings as listed in the email settings for your domain. You can find the settings in the admin area > support tab > email setup information link of the website. The secure settings would keep users credentials from being compromised in transmission. That is especially important on public internet connections or insecure WiFi networks.