Baakeer

Source. Maybe this will help you for future reference but I do agree.

I personally recommend using the Authy application on both iOS and Android. It's easy to recover 2FA Accounts if you get a new phone or even a new number, just dont get a new number as you need to use a form and the team has to verify its you. :) But as long as you have the same cellphone number you will be fine. I personally have this application on my iPhone, iPad, and my LG G4 as well as my desktop so I will never lose access to these devices.

From a IT Standard point, I am whitehat. Mostly likely they use a username grabber in game by using the who command (I think it is) that will list players, then they most likely either a use a password list and try to bruteforce, or b they use a password database like website. reverse your username and enter all those previous passwords. To answer the question 2FA would enhance the security of not the database but your account, it would require uses to access it.

thats them sending you it, not you sending it out

Or better create flooding limit, i.e. you send 5 within x amount of sections timed out for x amount of minutes if the message is the same