because the AWS root user email can only be changed using the AWS Management console:
Source: https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html
and access to the AWS Management Console requires your root username/email and password (and MFA).
The root user name can be found from the access keys in your rclone config, but not the password.
So something else was (also) compromised to get your AWS root user password (and MFA).