I saw the announcement of the compromise and wanted to point out a feature we previously added to hopefully prevent this kind of compromise in the future.
In the site settings you can set enforce second factor to staff - that will ensure that any admins & moderators are required to have 2FA of some sort enabled.
Thanks for the note - I did notice that setting while working thru our issues this weekend and am considering flipping it on shortly. Had to get myself settled first.