I have about 1000 affiliate accounts. Many which are tied to my SS# for tax purposes. If someone tries to use my username, affiliate ID, SS#, email or anything that is tied to my original account the 2nd process DOES NOT GO THROUGH AT ALL and an alert is sent to my original account.
That's been happening for well over 12 years now. I'm just shocked that P------r would send an email with the SS# and the real name (and I'm assuming the username since they claim no email is from them without both real and user) to someone who might be trying to hack the system. My original accounts have never been locked either.