Unexpectedly receiving a verification code (also called “two-factor authentication token”) from SoFi can happen when someone other than you attempts to access your account. The most common scenario is when you open a third-party app where you may have linked your SoFi account, such as a personal financial management tool. Opening up third-party apps where your SoFi account is linked is detected as a type of login by SoFi—in some cases, you’ll need to enter this login code on the third-party app to refresh the app connection with SoFi.
If you received a verification code when you were not attempting to log in to your SoFi account, and/or it is not through a third-party app, you should change your password. As a reminder, this password should be unique to your SoFi account and not be used for other online accounts or services.