Thanks for reaching out! I have had 2FA as well since 2014, ever since the Oleg Pliss attack.
This is indeed quite concerning, more so since the password was unique. Which is one of the reasons why I personally am suspecting sniffed packets or maybe some data bleed that lead to my hack as well. From what I remember, there doesn’t seem to be any reported attacks so far.
Could you drop me an email at khvignes (at) uwaterloo (dot) ca, let’s take the conversation there.
Cheers and looking forward to your email,