Gregory's Serverpaid off baddies at cell/phone companies are rerouting 2 factor authentication requests to primary baddies and nobody is any the wiser to how it happens. Once in, primary baddies are using old accounts to launch more potential attacks.
So use 2 factor authentication that doesnt rely on phone, and double or triple up on other methods for accounts that can reactivate other accounts.
I think I got the gist of it.
Edit: I am being too specific - this is for all user accounts. But my job revolves around the Active Directory/Azure framework where I can activate and deactivate accounts if I so pleased.