Changed passwords and reset multi-factor methods for the compromised user, as well as revoked all current sessions.
