This explanation doesnt make total sense to me, so 2FA, by definition is two-factor. This explains how one factor was compromised. How was the other factor compromised?
You may be right. A lot of orgs will happily let you use SMS for 2FA at login, but let you recover your account with that same SMS, making it 1FA x 2 (or 0FA, to line up with RAID 0)
