I checked this on different clean device which was never used for fbc (different OS, different browser, different DNS servers) and still my session was somehow hijacked.
It's also possible that my router is compromised but it's highly unlikely.
From my point of view.. I know it's hard to believe and even I have doubts, but it looks like fbc had some security breach or some 3rd party service they were using. Attackers were targeting only some small group of users (including me) and they managed do inject malicious script only for some accounts.
For a week or so I was also getting notifications about change in deposit address (change to P2SH segwit addresses started with 3...), but I ignored that because I didn't plan to make deposits.
Everything was looking legitimate. This message was looking exactly the same as any other notification on fbc site. Same fonts, same colors, etc.
Now everything works as usual, so I guess I will never know what happened.
I don't know much about this kinda thing but from what I know about friends in IT, we have a lot of customers who send us client emails like this, it's always clients.
Server side issues usually very difficult to target specific clients from server, and I'm a user like you, very active, very old, and using a lot of features to earn interest etc. I never once got this kind of issue.
I did however get funds withdrawed a few years ago (and somehow never got the confirmation email) but since I did 2FA, nothing ever happened.
If you using on new device and everything works as usual... it kinda confirms the theory your device/software got infected. Glad your funds are safe mate!
@FelErYun Show us a screencast of this exploit. Otherwise I say fake. And the reports you sent, why not publish them here (without the details) or on forum thread. FBC will quickly see it.