For the more recent posts on this thread, and to ease some concerns, I have received several of these codes today as well. Both via text message and in email. They look legit, and I would guess that this might be a message sent when a user selects the "I forgot my password" button. So I would guess, someone, or a bot is probably sending forgotten password requests to a list of emails they've collected. My primary concern would be that maybe they have a way to access my email, which would then allow them to actually reset my PayPal password and access my account, but I am not immediately concerned for my PayPal account, because as long as I can log in, they have not been able to reset my password using the "forgot my password" option. It would be nice to get some feedback from Paypal staff on this matter, but these are my thoughts. I actually decided to test this theory before posting, and this is exactly what is happening. I select "forgotten password"and it asks for my email. Then it offers 4 options to confirm your identity, email a code, answer security questions, confirm your credit card number, or receive a code via text message. The same text message shows up from the same number as the messages I received this morning. So communications are most likely legit, but the request are not. It would be comforting if PayPal had an option to prevent password reset requests for a short period of time. By immediately giving options for resetting a password, they're confirming that or email is associated with a Paypal account. Perhaps would be hackers could be deterred by a policy that allowed us to change our password and then not allow a forgotten reset for a month. In this way, the hackers might try resetting again and they might then receive a message that indicates no account is associated with our email due to our recent password reset. Just an idea for user peace of mind.
... View more