I doubt it. If it is enabled, I don't see how the hacker could've circumvented it. I wonder if @bagder uses 1Password or something similar for 2FAs. Would love to know once this gets resolved.
I've seen (and reported) a lot of such verified accounts that pose as Elon Musk. I don't get one thing—why can't Twitter set up a system that alerts to such changes to verified accounts? Can't they do a match on the name/profile image that could alert them of a possible hack? I'm stumped as to why they don't have such a system in place already considering not everyone has a verified account.
I rather refrain from speculating as I truly have no idea! As I describe in my blog post, I just got an email saying "someone" had logged into my account from a new device and then I was kicked out (as that user then changed password and email presumably).
Mastodon: @bagder@mastodon.social
Keybase: https://keybase.io/bagder
IRC: #curl on freenode
Email: daniel@haxx.se
website: https://daniel.haxx.se/