My pleasure; I hope this is helpful… some of it.
Good luck with sorting out your two versions of RW; that was this thread, wasn’t it?
I don’t know of any software which uses one entity (your email address) of the login/password combination to derive the other (password) without prior access to a location (e.g. Amazon’s LDAP server) where they exist as a pair.
From what you say, and not knowing the details, it may well be that the first exploit was on your PayPal account. Unfortunately, I have found PayPal particularly unhelpful in solving such issues: all the agents to which you have access (by email or phone - even before the current crises) can’t access security information and are unable/unwilling to advise.
Without giving any information here, were your Facebook, Amazon and PayPal credentials all different? If so, I’d have thought it unlikely that whoever seems to be doing this could use one to get another.
There is one famous case of a Wired journalist who experienced a kind of cascading attack; and what he did to put things right is detailed here.
I’d call Apple and see if they know any way in which to have another person’s email address as your login (for Amazon) is possible without that other person having gained access to your computer. Unless, perhaps, either:
- you entered a URL which had arguments (the parameters after the ? In the address) which somehow contained that part of your login string, or
- you clicked on a ‘fake’ URL
You might also want to ask on the Apple Community boards.
Good luck!