Remember when you set up your domain and just used the default first 6 letters of the domain? This makes it incredibly easy for anyone with a Password cracker to just set it to keep trying combinations until they get in.
It might take them a long time or they might get lucky.
Bottom line when you set up a new domain at your host and are adding your username and password. Change the username to something hard to guess.
Just a reminder;
I did the same thing for years using the default. But after seeing all my usernames listed, that gets me thinking.