Yes, in the default setting the UI creates your account with the same key for active and memo. I would not recomment this setup and have three distinct keys for active owner and memo. But please be aware that changing the memo key means that you wont be able to read any old transfer memos, only the ones you receive or send after the key switch
If you create a new account and transfer funds you are giving up the old compromised account. That means that the referral rewards still go to the compromised account and there is no way to switch that, also the LTM is not tranferrable. I would recommend changing the acive and owner key if you logged into OpenLedger in the last 48 hours.
RE: How to change your BitShares keys for local wallet and cloud login