Hello, I'd just like to inform that it's the second time my account becomes compromissed on Minecraft, as a Server-Admin. My password is about 20 chars, making it nearly impossible to bruteforce it. But yet again, my account was used to grief the server. How did they do this? They did not change the password.
Is it in offline-mode? (obvious question but needs to be asked). If yes, then you know the lengthy story about authorization. If no, then there is a bigger issue...and you need to explain in further depth about how/what/when etc.
You're using a "hack" client/mod, or a launcher. Uninstall any and all mods/launchers now, and run MAB (Malware bytes, assuming you have a Windows comp, if you're on a Mac then don't worry about it).