Early on today I got an email saying my twitter was logged into by some other device elsewhere in the country. I changed my password enabled 2FA and then scanned with virus total, Kaspersky and malwarebytes, the free versions. They all came up clean. I also used haveibeenpwned to check for data leaks and that came up clean too. I enabled 2FA for my other accounts after this like Instagram aswell as changed my passwords for it. Then later on in the day my instagram also got logged into. I’m on Android and don’t know how they are getting in with new passwords and 2FA. Is there any way my AVs missed something? How would they be able to find out my new passwords and bypass 2FA. Nothing on my either of my accounts was changed and I have nothing of real value on them. I’m more worried about my privacy.