Also secure your email! They have access to that otherwise the attempts wouldn’t show.
You might even want to go as far as asking for an email change through support.
And do a full scan on your computer.
Knowing his email address is not the same as having access to it. If they had the password to the email they would have intercepted the “someone is trying to log in” email and validated themselves, thus successfully hacking the game account. Because they didn’t do that, they have the address but not the password.
It’s like, looking up my address in the phone book, you can show up at my house, but that doesn’t mean you have the key to the front door.
This is true. E-mail addresses are “phished” all the time by people who hope the owner has a GW2 account, and will fall victim to an account theft. The fact that an e-mail address is “out there” isn’t the issue. The issue is when the e-mail address and password are on some credential list harvested from a hacked site, and some pretty major sites have been plumbed for those lists. For more info, see this article, definitely worth a read: https://www.guildwars2.com/en/news/mike-obrien-on-account-security/
