Why did the article state that this is a problem even if one is using 2FA? Even if you reuse passwords, 2FA would stop most attacks it seems or slow them down incredibly, where you would be alerted to the multiple attempts to guess the 2FA code before it was actually cracked.