2FA did not help according to the primary finding
https://news.ycombinator.com/item?id=48359102
In that case it sounds like the last waves of malicious reset attempts happened after the patch was put in place
alt Hacker News
In that case it sounds like the last waves of malicious reset attempts happened after the patch was put in place