This AM we got 2 messages inside of 10 minutes with a password reset from 2CO. This was not the primary username on the account but clearly there is someone trying to get into accounts there. Our accounts there only use hosted emails and those emails have some wacky passwords so there was no issue but it did give me cause to change the usernames on those accounts to something wacky as well. Also, I am sure that 2CO is not the only payment processor that they are attempting to break into and the security issue is not on 2CO, it is on those of us that have accounts there. Be smart and use wild and wacky usernames and passwords on all your stuff and if you can add two-step authentication to your accounts, do it.