I believe the emails you received from the FAOL BB are valid, they are not the "hack".

A person or group is using software to try to login to accounts to identify a user name and password combination that is valid.

Using the assumption that many people (foolishly) use the same username and password combinations for many other web sites (such as banks, credit card accounts, brokerage accounts, etc), they will then take the combination of username and password, which proved valid at FAOL and their software will try it at thousands of other sites, from which a theft can be made

The FAOL BB email is alerting you that multiple failed attempts were made to access your account, which in actuality are coming from the software being executed to attempt to find valid name password combinations.

One concept many miss, is that the attempts are not being executed by a person, they are being executed by software, which can runs for days, going to an unimaginable number of web sites and trying name and password combinations. Once the software finds a working combination, then a human becomes involved to execute the theft.

That is my thought, please correct me if you believe otherwise.

Cheers!