Admittedly, my alias is a plain word, so it's possible they could've just tried brute force finding an alias
That could be quite true. blockchain.info should monitor access/IP patterns to spot such attempts.
More importantly, I strongly suggest enabling two-factor authentication. (And if you use email, think about the email security;
Gmail has 2FA too.)