Forced password reset on a certain account in multisite

Hi,

I am trying to figure something out for a client.
We have a multisite in place and a certain user acocunt seems to get locked out every other day and is forced to reset his password.

He always receives this mail:

Someone just logged into your ‘xxxxxxxxxxxx’ account at xxxxxxxx. Was it you that logged in? We are asking because the site happens to be under attack at the moment.

To ensure your account is not being hijacked, you will have go through the ‘Lost your password?’ process before logging in again.

If it was NOT YOU, please do the following right away:
* Send an email to [email protected] letting them know it was not you who logged in.

Now, since he’s the only user that gets locked out: is it just bad luck, that he happens to login during an attack or might there be a problem with his user account?

Thanks!

Stefan