[luma]

Folks in the thread noted that the recovery code sent was the same each time, which leads me to think it might have been a phishing attack. Send email that looks like FB recovery, but have the links go to some domain you own and snarf up creds, including MFA etc.

[tomhoward]

Not in my case; I've had two password reset emails in the past 3 days (having had none since February) and both have gone simultaneously to the different email addresses I have on the account, with different codes on all the emails (even the ones sent at the same time), and the click-through URL is certainly on the legit Facebook domain.

[jcpham2]

I got one yesterday I ignored

[tonyedgecombe]

I've been getting a lot of those lately. They were easy to spot as I don't have a Facebook account.