Yesterday, we installed a plugin on our wordpress site to create a form and capture leads. 

Within 1/2 hour, someone had hacked into our WordPress Site, had changed my google password, and was trying to access my google account.

This is the plugin we used: 

https://wordpress.org/plugins/wp-zoho-crm/

Here is a screenshot (continued below)

I contacted Smackcoders. Even though this plugin was updated 1 month ago -- in September 2014 -- they said it was out of date. However, they offered to provide consulting services to me ;)

I will respond to any questions on this topic within a few days.