Figure that the password was compromised somehow and someone is sending spam from another location.
Changed the password and setup two-factor authentication. Unfortunately it seems like the emails are still being sent which I'm guessing is from another computer in a different location. Even the email headers seem to have IP's in different countries.
How can I ensure that all of the sessions that were logged in before have been invalidated requiring them to use the new password and token?
I don't see any options on seeing the list of logged in sessions, IPs, or ability to invalidate them all.
Thanks.
Recent Comments