A spammer as been hitting our servers with a huge number of login attempts. It appears they have a massive list of emails, and are just hitting our login api with all of them. This is resulting in people getting login codes they didn't ask for. Sometimes ... lots of them. Don't worry, though, nobody can get into your account.
We have rate limiting in place, but they're using lots of different ip addresses, and this is making it hard to block in a simple way. We are working on setting up the systems required to ignore this type of traffic, but in the meantime ... we're very sorry if you are getting login codes sent to you.