Meh, yeah, happened to me today. Woke up to see there had been a text sent to my phone. I login to PayPal the normal way with password and 2FA. There have been no withdrawals, but when I check the managed machines - I see a machine named ginna in there that had accessed the account. I remove it, hoping that what it says about requiring additional security to login - but given this one-time code bypasses 2FA, I don't have much hope it will make any difference. I did see the post about changing the number to a Google Voice number, but when I tried that they say it can't be a VOIP number. There doesn't appear to be any sort of news coverage of the matter that might drive PayPal to make any changes here.
... View more