*A statistically irrelevant number of people…
For a few months, I had been getting emails from booking.com saying that I had forgotten my password. Probably scammers with my Gmail username futilely attempting to use the forgotten password link to get at stored payment info. Once I set up 2FA on the account, the emails stopped.
I was wrong. It wasn’t the forgotten password link. It was one of those sites that sent a login link instead asking for a password when you put in your username. That changed once I set up 2FA.