I helped someone in a tech support forum that noticed other people were on their wifi, and even when they reset the modem the person got back onto their wifi. Here's some good steps if you ever need to fix this situation and keep the douches out.

First, if this is a router you lease from an ISP, unplug it completely, and call their support line and ask to escalate it to a technician/engineer level person who knows a good amount about security. This is because most of the time people don't have enough access to these ISP-supplied router/modem combos, and you are already paying them for the service, so they might as well do it for you.

If you do not lease your router from your ISP, do the following:

Pull all of the RJ45/ethernet cables out of the router.

Do a factory reset by holding the little pin button down according to the manual for your router. You can use your cellphone service to download and read the manual for your router if you don't have it.

Go through the manual for the router's steps to setup the router by connecting your computer directly to the router, but not the internet yet. Disable wifi ASAP in the router's settings when you do this.

Change the default IP address of the router. Usually 192.168.0.1 or 192.168.1.1. Some malware targets IP addresses ending in 254 or 1, so just change it to something else. Like 192.168.0.9.

Set the admin password to a complex passphrase with the tool below and store this in a safe confidential place that you would know where it is but no one else really would know about it or be able to easily find it.

https://untroubled.org/pwgen/ppgen.cgi

https://www.lastpass.com/ - This password manager can help you store it, their technology is setup with complex random encryption so that the only person with the master password (you and anyone you give it to) to your password database can see the passwords in it.

Disable admin access over wifi.

Connect the router to your internet connection, still with wifi disabled.

Patch the router to the newest firmware, just in case there is a security exploit with the older version that they are exploiting, despite your passwords.

Disable anything like VPN or DDNS (not to be confused with DNS, keep DNS default, but DDNS disabled).

Disable WPS.

Disable bluetooth if it has it.

Disable any "guest wifi" type settings.

Don't use the "usb storage" feature on the router for now either.

On any devices you own that connect to the Wi-Fi disable any wifi password automated sharing technology. Windows 10's earlier versions used to have a feature like this called Wi-Fi Sense. Disable this, it might be getting exploited some how.

If you have Windows 10: backup the critical files on your windows 10 PC, take down info about the licensing of the software you have and do a "Reset this PC" option and say to reset everything, just in case they have malware planted on your computer that is leaking the info.

Change the wifi password to a similar passphrase that would be easy to remember but hard to hack. 4 random words that are 4 letters long each.

Bring the wifi up, and watch the connected devices, keep refreshing every minute for about 5-10 minutes. If nothing, take a breath of fresh air. Check back on it every day for a few days once in awhile.

If they don't come back, problem solved.

Now this is just to be thoroughly exploring all the ways they could be coming back.

If they do, then the problem is they very likely have physical access to the router (breaking into your house) at some point or a family member or friend is either giving them the password or leaking it to them in some way, OR a family member or friend is not telling you about all the devices they are putting on your network, or a neighbor you shared the wifi password with one time is giving it out. If it's physical access we are talking about here, talk to the police, change locks, keys, etc... Get a security camera system pointed at your door, easiest are the cloud-based ones that you can see with your phone in an app, and change the default password on that camera system, and make sure you use encryption if they offer it, etc...