Not sure why they'd be disabled without invalid login attempts. We had an issue a few months ago where someone's mailbox was being disabled a few times a day, and was showing quite a few login attempts. I ran reports and couldn't find any hacking attempts, and she was entering the correct password. I came to find out that she had installed My Callpilot (the MWI, anyway) on her machine and had checked the "save password" box. She then proceeded to stop using My CallPilot and changed her password. The MWI app kept trying to check her messages for her, but was using the wrong password. Of course, if you're not seeing any invalid login attempts, this is probably not your issue.