Stick the email address in he
https://haveibeenpwned.com
Ah, that shows LinkedIn as an affected site for a data breach associated with the email address in question. I just realised that my LinkedIn account also used the old favourite email/password combo, so the recent activity could all be down to the LinkedIn breach.
https://haveibeenpwned.com says that while the LinkedIn breach was in 2016, it was 4 years later that the data began appearing on the dark web market. Maybe the vitamin supplier transaction was not at fault (still could be, though).
Cheers.
Ant.