I received a notification last night that someone changed my shipping address on Macys.com and when I visited the website, there was an open order for a PS5 with delivery to:
DONT IEPN 203 W PITTSBURGH AVE WILDWOOD CREST NJ 08260
After logging into Macy’s I got 43 emails at once to seven different services like “Excalidraw” and “Sportograf” trying to login using a magic link.
At this point was was pretty nervous so I checked my main email security. Sure enough, there have been repeated login attempts under my account going on every few minutes for weeks.
I also saw there was an attempted login to my cellphone or home internet company.
I use 2FA, authenticators, etc. Basically what else should I be doing? Is there any way to be more preventative? I really don’t wanna chuck this email but it is possible that may be the safest recourse. I do use this email for almost 300 different accounts to various things though.
Your username and password combo probably leaked from somewhere. It happens when services you use have a breach.
This is why it is recommended to not use the same password for everything, as well as changing your password once in a while.
Also, I recommend putting your email into https://haveibeenpwned.com/ and it will let you know if your address has been part of any breaches that it is aware of. Optional: Sign up, and you’ll be emailed if your address does appear at a later date.