@gamingonlinux Maybe that'll bring enough public scrutiny for them to fix their 2fa so that 2fa method can't be changed before performing 2fa auth. Most of these channel bounties would be worthless since the hackers would only be able to futz with the account password but not the 2fa, making it useless to sell off to 3rd parties.

The way it is now they can change whatever they want using only a stolen token session via malware.