Same here, I haven't checked my email since I don't have much activity on stake this past few weeks. I could say that my idleness saves me from possible phishing attempts. Though it is quite surprising that $10m is stolen from hacked accounts. Aren't they activating their security options? This is just a user data breach and not an internal system hack, so it is somehow impossible to lose a significant amount due to phishing if 2fa and other security feature is enabled by the account.
Correct me if I'm wrong but I believed that verified Stake account users can't change their email used on the registration. Therefore, even if a user's account got compromised and their Stake account login details were input on a phishing site, the hacker can't just do anything on that Stake account.
By default:
- an email code is needed for a successful login
- withdrawals also need an email code if 2FA is not activated
Not unless the email login details were compromised, that's another story.