I received a notification last night that someone changed my shipping address on Macys.com and when I visited the website, there was an open order for a PS5 with delivery to:

DONT IEPN 203 W PITTSBURGH AVE WILDWOOD CREST NJ 08260

After logging into Macy’s I got 43 emails at once to seven different services like “Excalidraw” and “Sportograf” trying to login using a magic link.

At this point was was pretty nervous so I checked my main email security. Sure enough, there have been repeated login attempts under my account going on every few minutes for weeks.

I also saw there was an attempted login to my cellphone or home internet company.

I use 2FA, authenticators, etc. Basically what else should I be doing? Is there any way to be more preventative? I really don’t wanna chuck this email but it is possible that may be the safest recourse. I do use this email for almost 300 different accounts to various things though.

  • thepreciousboar@lemm.ee
    link
    fedilink
    arrow-up
    4
    ·
    4 months ago

    If you use a strong password and 2fa, there’s no way to prevent login attempts, and a strong enough authentication will make random login attempts just a nuicance. You can set up a recovery address (that must be equally safe). If you are using an online password manager, check there was no known leak

    • WhatAmLemmy@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      4 months ago

      There is 1 way to stop login attempts. Use an alias provider (e.g. simplelogin.io), and change the account emails to a randomly generated alias.

      Even if you used the same password everywhere, as long as the email/username for the account is randomly generated the password is essentially useless.