Just received the same e-mail. I don't know whether it is a legitimate one or not, but it sounds VERY suspicious. Mine includes a direct link to change my WPML account password (pointing to a domain other than WPML's). This is utterly suspicious and technically wrong. Why do not simply say " go to your WPML account and change your pass" and include a direct link, instead? Furthermore, it's Sunday. So WPML's staff is arguably on holiday and is not replying to the messages which are now popping out on their support forum. My humble suggestion: do not click on that link!
Just received the same e-mail. I don't know whether it is a legitimate one or not, but it sounds VERY suspicious. Mine includes a direct link to change my WPML account password (pointing to a domain other than WPML's). This is utterly suspicious and technically wrong. Why do not simply say " go to your WPML account and change your pass" and include a direct link, instead? Furthermore, it's Sunday. So WPML's staff is arguably on holiday and is not replying to the messages which are now popping out on their support forum. My humble suggestion: do not click on that link!
Email from WPML: https://pastebin.com/raw/jS44fnMa