Have you checked the full headers to see if your address has been spoofed?
Unfortunately, there are lists stolen, by hacking, from retailers etc, which are bought by spammers who then send out phishing and other spam emails, usually spoofing the address that appears in the from line.
To see if your address is on one of these lists you can check here.
https://haveibeenpwned.com/
Some lists include passwords as well as addresses.

Have you checked the actual full e-mail headers? - the From header can be set to anything by anyone, and it has no real connection to where it was sent from, so it probably wasn't sent from your e-mail address.

When you say the To address did you by any chance mean the Subject?

If so this sounds like one of the extortion e-mails (which in this case just happens to be in Chinese) doing the rounds where they claim to have recorded you visiting porn sites, and ask for bitcoin payment to delete the evidence. To make it more intimidating they e-mail you one of your real passwords that they have harvested from one of the data breaches over the past few years.

Check your e-mail address at https://haveibeenpwned.com - that will tell you if your e-mail address has appeared in any of the lists of hacked sites.

When you say your were unable to access yout PN account, just what do you mean? The webmail? Your online account?

Hacking your e-mail wouldn't allow anyone to change passwords, unless the passwords appeared in one of the e-mails that are currently on the system.

EDIT: I see I was beaten to it!

Not easy on an iPad to check details but I forwarded it to PN fishing address and could see that the To address was the password name with my email address.

By To address I mean just that.

The powned site lists 6 but then it would as it’s pushing its software.

By PN account I mean the main account. I have another thread on the account/billing forum where you will see that I have changed the password twice today and must now do it again!

There is no question that both my email account and main account have been hacked.

PN don’t care either. In fact the person who answered my call earlier was downright unhelpful and rude.

---

@Mardler wrote:
...

The powned site lists 6 but then it would as it’s pushing its software.

...

---

I don't think that is true. I have just checked one of my email addresses and it showed no breaches

Hi @Mardler, we take matters like this very seriously and would like to look in to this further. Could you respond to the PM I've sent over.

Thanks.

If this post resolved your issue please click the 'This fixed my problem' button

Harry Beesley  Plusnet

@Mardler and @daveplus, yes, I check my several email addresses there every now and again, which is why I put in the link in my reply. Some of mine have been on the lists and others have not, which ties in with which addresses get regular spam.

---

@daveplus wrote:

---

@Mardler wrote:
...

The powned site lists 6 but then it would as it’s pushing its software.

...

---

I don't think that is true. I have just checked one of my email addresses and it showed no breaches

---

I second this. I regularly check all mine these days after I started getting phishing emails. This correctly identified the pirated address. Since changing this one I currently get no problems, says he touching wood!

---

@Mardler wrote:

 

The powned site lists 6 but then it would as it’s pushing its software.

---

What software, 1 Password?

It's not their software.

HIBP is owned and operated by Troy Hunt, a highly respected security researcher, who funds his work mainly through donation and sponsorship.

DaveyH: yes, I discovered Tony H a few minutes ago though it looked as though he owned 1P.

Cross posted from Account/Billing:-

One step closer.

A clearance of stored passwords in Chrome (I deliberately left that when deleting cookies etc.) cured the main account access problem and doing the same in Safari sorted that. You would have thought that inputting a new password would have overridden the stored one but it seems not.

All that remains is the Chinese email and the use of a password I have used a couple of times.

I am now happy to delete the email and close this topic.

All that remains is to wish everyone who responded a Merry Christmas and a Happy New Year. 😀

@Mardler regarding stored passwords, I use Firefox and if I change a password, a little box pops up asking if I want to save the changed password BUT it goes away if I don't answer quickly and then doesn't save it. (Haven't had to change any in Safari as I only use that when FF doesn't play nicely, and I don't use Chrome, so have no idea if there's anything similar in ether of those.)
Glad to see you've sorted it all out anyway and A Merry Christmas etc to you too.