When attackers gain unauthorized access to a store, they often add extra accounts to the store control panel. These accounts have legitimate sounding names like "backup" and "system" but are under full control of a third party. 


General approach: go through your list of admin accounts, and purge (not disable) any that you do not recognize. 


As extra safety measure, we recommend to implement an IP filter on the control panel of your store, so that it only allows office and staff IPs.