Yup, hackers run through leaked email addresses, or target people. If your email is listed in haveibeenpwned.com dumps, scripts are processing the lists.<p>Only real basic things you can do, dont use your primary cell/emails as 2FA backup. Amazed theres no company offering security enabled sms enabled numbers via a webpage to plug the sms hole.<p>And if you use your primary cell for 2fa, call your carrier and put a no-transfer lock on your account. This is how the bitcoin hacks happen.<p>Also, google has titan keys, they ignore them for 2FA also. Kinda mornic.