I've used blockchain.com and there's a verification everytime I log in, it doesn't go directly to my wallet. Having that said about the notifications, there's an email notification before proceeding.
Thank you, there was no email notification, and, right, they couldn't get my private keys, the true reason was blockchain.com security breach, which they never admit.
If you have checked it already and no notification has ever found. Did you looked at the other folders of your email? sometimes it's on spam folder and other unnecessary folders of our email. Otherwise, this is like the case that I've seen before that his funds were retrieved by someone although he's really technically aware of what he does and knows how to protect his funds including private keys, recovery phrases and login details.
They really have some issues, for example on one of my account, I was always unable to log in even after email verification, that was happening only on one wallet, others are still working fine.
Also checking email has no idea, user had to gain access on email in order to log in on blockchain.com's website, so he would delete information.
But there would be some issue from OP's side, if there is security breach on Blockchain.com then not only his but a lot, really a lot of wallets would be hacked, security breach can't get only one user's account into other's hands, breach gives access on some part of wallets.
Hard case OP, can you think more deeply and remember, what happened? Did you install unknown antivirus? Pirate windows?