I have had similar emails. But in my case the one bucket listed as public is intentionally public.
However, a couple of years ago, when AWS realised that they had been setting things to default to public (or all the examples they gave did so), many of my buckets were listed as "potentially" public.
And I think that "potentially" is the problem. My interpretation of the emails (and maybe the linked web page) is that it is possible to set up buckets so that they require a logged in AWS user. But if you do it wrong (and I think I did in the early days), ANY logged in AWS user can access the bucket, which is practically the same as public to the bad folks.
So it is worth triple checking your settings.
I'm not an AWS expert, and definitely got it wrong when I first started using S3.
I hope that helps.