make sure the cpanel info wasn't compromised either
NW server does not run cPanel or any comparable software. The server itself has not been compromised purely the domain. These cases proof why its good to give every service and every account a different password