passwords not working for cpanel?

[qwerty]

Hi

all of a sudden today about half a dozen clients complain that their normal cpanel passwords don't work.

I've checked the cpanel access_log file to see if anyone recently changed it but there's nothing in there.

Is there any other way to check to see who/how the passwords are changed? I'd appreciate a response quick as I suspect we may be under a hacker attack and someone may have already gotten their hands on some user passwords ..

[sjackson909]

Do you have a backup of your /etc/passwd file and shadow file? If so do a diff on them. cpanel stores it's user info in the nornal UNIX passwd files.