Screen Sharing hacked - How to be confident the 'hole' is closed...

My OS is Ventura 13.3.1 on a M1 Mac mini.

Over the weekend my computer was hacked into through Screen Sharing. It is 100% my fault, no question there, because I had set up port forwarding so that I could log into my computer when I was at home for Christmas, and never shut it back down. (Since it needed my user account password to log in I felt it wasn't "completely" open, but clearly they got ahold of that password.)

I deserve every bit of "blame" anyone wants to throw my way about making such a dumb mistake, but lets just skip that since I get it, and accept it, and I've learned my lesson.

It was the middle of the night, but I by total chance was awake and caught them pretty quick (I think) and shut it down. They did log into Amazon and PayPal and buy several gift cards. Since they were logging in from my computer's browser through screen sharing, auto-complete let them in.

Could have been much worse. Looking at my browser history, they first tried going to Coinbase (no account there) Chase (no accounts there) Amazon ($250 in gift card before Amazon locked my account) and then PayPal ($200 in gift cards before I caught wind and shut everything down). Luckily they didn't see my bookmark to PNC, my bank, which also would have auto logged in. They could have cleaned me out. Or they didn't recognize that "PNC" is a bank, since it isn't as obvious as "Bank of America" or "Wells Fargo" or something...

(As a side note for anyone interested, the Amazon charges were through my default payment method, which is a debit Mastercard, and I am being totally protected there by Mastercard Buyer Protection. The PayPal charges were direct on the PayPal website, and PayPal is throwing me to the wolves and not offering ANY protection. FWIW)

I have now:

• Turned Screen Sharing & Remote Login OFF in System Settings
• Deleted the port forwards from my internet service/modem
• Deleted the entries in my router's settings that made those port forwards "work"
• Changed my Mac user account, AppleID and all bank/other website passwords to completely new, much longer passwords
• Set up 2-factor for everything that has the option

My questions are:

1) Just for peace of mind, with those Screen Sharing & Remote Login options turned off and port forwarding entries deleted, there really is NO WAY for someone to screen share into my computer from outside my local home network, right? Whether they use Screen Sharing from a macOS computer or VNC from a non-Mac computer, it all uses the same underlying mechanisms, which I now have turned off? (screensharingd, I believe...?) Doing Screen Sharing through Messages DOES STILL WORK apparently, which makes me worry a little, but is this normal behavior? It does require someone on both ends to authorize.

2) I'm still able to view the screen of a headless Mac mini on my local home network. It is functioning as a dedicated print server, no software other than bare minimum installed and not even signed into ANY iCloud account. This is normal behavior, since Screen Sharing is still ON on that computer, right? In other words, Screen Sharing being turned off simply means that that computer won't share IT'S screen, not that the whole Screen Sharing infrastructure is shut down?

3) Is there any way to tell if they downloaded a "dump" of my email and or Messages or anything? If such a mechanism even exists? I think I caught wind of what was happening pretty quick, but it is possible they were on my computer for a while BEFORE they started buying the gift cards, which is what alerted me.

4) Should I consider completely wiping and reinstalling from scratch on my Mac mini to be safe, in case they, while on my computer, installed some other backdoor to my computer that can avoid using Apple's own Screen Sharing code and use their own instead? Or key logging software? Or is that over-worrying?

Thank you deeply to anyone who actually read this far and is open to helping me out with some information that will hopefully give me some peace of mind... I've been turning my Mac completely off every time I walk away from it the last few days, and that ends up being dozens of times a day, and it is pretty disruptive. haha (Luckily the M1 Mac mini boots crazy fast!)

Thanks again.

[Re-Titled by Moderator]