I get a message the other day from Microsoft that it detected an unusual sign in attempt for my hotmail account. The attempt was from Moscow and the Microsoft email landed in my junk file and I didn't see it for a few days. I reported back that it wasn't me. This morning I checked my sent file and there was an email that I did not send. The date was a few days before the attempt to log in. It went to a financial advisor that I don't use but I get monthly emails with financial information. I had met with this advisor years ago but decided not to use. The email in my sent said here's names and addresses of friends that I think would like to receive information from.
I immediately changed my password on the hotmail account and the other email addresses I use and enabled two step authentication on everything that didn't have it before. I checked all my financial stuff and that as the two step authentication and seems ok. I'm asking is that's enough or if I should do something else like delete the hotmail address or something else.
Thanks for any help.