But then millions of users would stay unprotected from password sealing (see https://haveibeenpwned.com/).

They certainly did a proper thing forcing people to use 2FA AFTER multiple emails over the years recommending to turn it on, and warning that they will enforce it, which they did.