I received a notification last night that someone changed my shipping address on Macys.com and when I visited the website, there was an open order for a PS5 with delivery to:
DONT IEPN 203 W PITTSBURGH AVE WILDWOOD CREST NJ 08260
After logging into Macy’s I got 43 emails at once to seven different services like “Excalidraw” and “Sportograf” trying to login using a magic link.
At this point was was pretty nervous so I checked my main email security. Sure enough, there have been repeated login attempts under my account going on every few minutes for weeks.
I also saw there was an attempted login to my cellphone or home internet company.
I use 2FA, authenticators, etc. Basically what else should I be doing? Is there any way to be more preventative? I really don’t wanna chuck this email but it is possible that may be the safest recourse. I do use this email for almost 300 different accounts to various things though.
There are free services that allow you to create countless emails, one per site is ideal, just like one (different) password per site. Addy and Simplelogin have a generous free tier, last I checked the first one allows for unlimited receive-only addresses (when shopping it’s very rare you need to respond), the second gives you some two-way addresses.
If you get a domain, many registrars include free mail service, and have mail forwarding, or “redirecting”, which basically will allow you to create countless addresses (that can also send/respond) for your one account (You add these “email forwards”, or “Identities”, to your app of choice, like K9-Mail for android). You don’t necessarily need to buy their separate email package (although the interface might be more convenient). I’ll give you one example which includes email: OVHcloud, one of the largest clouds in europe.
If you can afford it there are all-in-one services like Soverin with easier interface.
It might be wise to start a slow process of migrating (or maybe deleting and creating again) accounts, and saving all this stuff in a password manager (like KeepassXC) if you aren’t already.