Wasn't really passing jokes on your account. I need to keep good humor about this regardless.

I have no problems with trying to narrow it down. I have just said time and again of what I place on sites. I pretty much know what is where and what has been used.

Yes they have triggered password requests from sponsors as well. Which could mean perhaps they found one of the many old databases of webmaster information that is sitting in google and have decided to try an old password on as many new sites as possible hoping for a match.

Your whole theory though is based on them having information so that when time comes they can send in documents asking for a password after getting everything reset. Which they were planning on doing but never did for whatever reason.

Michael on the other hand is checking on if protocol was followed, getting a call pulled if it was, and finding out what information was asked and answered if any call was placed as per protocol. Though that still flies in the face of the emails. I am also hoping he will provide me with the headers of the original email, yes I know it more than likely is a proxy but I am real curious about something.

This is where you, and 99% of people fail. You don't just think, you are 100% positive that no info of yours can be compromissed, and if it can, it's from "old database of webmaster information that is sitting in google". Well it just ain't so. I can't explain it to you, as i couldn't to anyone other i tried to explain this, untill you show them the proof. Then everyone goes "oh shit, how". Your info is not safe, no matter how much you think it is.

In any case, i dont know was anything of your compromissed, i just told you how it goes and to broaden your horizonts.

Have I left out the possibility, no.
Have I said I would admit it and share what it was if that is what happened, yes.

For all I know epass themselves go compromised at some point and some of their own data leaked out and that could explain how they could get around it. So no I can not be 100% sure and nobody can be.

Only reason I even mentioned the DB and google, is well I know of at least 2 that are wide open as it stands and I never went hunting for them.

Some people are over a barrel and need an epass acct.

BUT, given a choice, why would anyone in their right mind deal with this???

It is why I do not really keep much in there at all. Nor do I receive sponsor payments to it. Hell I do not even have an epass debit card.

thats really fucked up

Woah.. They sent you a new password and security on your e-mail? Thats fucking unsecure.. What would happen if someone "hack" your e-mail?

That means someone then can easily grant access to account.