There is a vulnerability in version 6.1.0 of the Breadcrumbs NavXT plugin – an excellent plugin (which I use on this site) for placing breadcrumbs on your WordPress installation.
Version 6.1.0 had a weakness that allowed your username to be revealed via the REST API. The current version is 6.2.0.
Make sure you have updated!
Is your WordPress website as secure as it could be? Take a look at the WordPress security products I have reviewed (I use all of them):
Owner – WP Security Basics