If you have received notifications about wrong password logins:
Yes, botnets are scanning
Yes, we block them but can’t do that with one click
No, we haven’t been hacked
What is the best way to sleep well and keep your account safe?
Don’t use the same login as on the other sites. You can easily change it in your account.
Don’t use the same password to your email as your password can be recovered if they have your email password.
TURN ON 2FA. This is bulletproof.
To calm your paranoia down, you can set IP white list in your account (but be sure what you do, don’t do this on dynamic IPs).