Dan Romero
@dwr.eth
1/ Twitter account update
- Yesterday I got locked out of my account. Triple-checked the URL was twitter.com (it was from the mobile app, too) and followed the restore access flow. Went to sleep.
- Woke up to account hacked. Lots of inbound messages (ty!). Pinged someone who was able to get account locked down.
3 replies
4 recasts
24 reactions
Dan Romero
@dwr.eth
2/
- I've had a password manager password that I don't know and 2FA via TOTP. Also usually good about auditing my OAuth connected apps. Google Fi for mobile to reduce likelihood of SIM swap.
- After @vitalik.eth's hack, I removed my phone number from Twitter as a precautionary step.
- More updates to come...
4 replies
0 recast
8 reactions
Adam
@adam-
Saw someone who had this happen to them, but with their YouTube account. In that instance they found out that it was their session ID tokens that were compromised, as they were logged in over a few devices. I think it's a lesser known, but pervasive way that hackers are circumventing 2FA and passwords at large.
0 reply
0 recast
0 reaction
adrienne
@adrienne
I’m sorry this happened to you. Thx for sharing what you know.
0 reply
0 recast
0 reaction