To help answer this question. I will show you how to look who is allowed access to your website. - which you already know.
I created a quick video that shows you how to add and remove/delete a user from your wordpress admin area. I hope this helps.
To answer your other question, how did these people get into your user area, other than from hackers, no idea. I have never experienced that problem with any of my websites.