If you’re a WordPress plugin developer, you may have received an email from an address other than WordPress.org notifying you that your plugin had been removed. These emails are fake and designed to gather your login information for unknown nefarious reasons.
Emails from the WordPress.org Plugin Repository are always sent from a WordPress.org email address, so if you receive an email from elsewhere claiming official WordPress.org Plugin Repository business, delete it immediately. If you have already fallen victim to this phishing attack, you should change your passwords as soon as possible.
Thanks for the heads up.
Thanks we received those emails too. Changed all our passwords.