@ArcherC8 I couldn't find any new MAC Addresses in the Access Control so far. I was testing these Tapo smart plugs which were already previously added in the Router at the time period I received the email message. The SMTP server used was amazonses.com so I guess it is officially from tp-link.com site if its using Amazon as the web host? I just don't understand why I received that message. 

Is TP-link partnered with Xinnet.com? I'm asking because I received a Reset Password email message that has a button containing a link going to a page in tplinkcloud.com. I searched who owned that domain name and most data is redacted for privacy plus the Reseller data is also blank. This is unlike the available info for tp-link.com domain name which shows "TP-LINK TECHNOLOGIES CO.LTD." as the Reseller.

Asking because I was not able to log in into my router recently even when I used the correct password that I copy-pasted from my records. So I tried the Forgot Password feature of the Router to reset it and that is when I received that Reset Password email messages. I've reset the password twice now after restarting the Modem and Router. See image below for more info...

Thanks @Carl for the recommendation. I've just sent them an email. I also found no new devices under the DHCP Server section. The last devices I added therein were the Tapo smart plugs. Anyhow, I hope the local tech support guys can provide some info on this. Appreciate the help ArcherC8, thanks as well.

It's sad to find out there is no Multi-factor or even just 2-Factor Authentication (2FA) for the TP-Link accounts. I just realized, the Router, Smart Plugs, and this TP-Link.com site uses a shared single login access information. One successfull intrusion and it's all over. Why oh why? 

@Carl Just posted this. I hope it will help fast-track the implementation of the 2FA feature.