blackice

Level 13
Verified
Was it caught and shared in some hack, that you know of?

Yes it’s been part of multiple hacks. It’s actually a straight authenticated account. They just put in my email and attempted to login. The Authenticator asked if it was me. I had changed the password multiple times since the hacks. Then they switched their Authenticator to being password free, which I forgot about. I regularly run my emails and my wife’s emails through haveibeenpwned. Thankfully we’ve had few to deal with.
 

Threadripper

Level 8
If you're hacked you're done, they take all the passwords from your local machine when you decrypt them with your master password - not from the remote server. To mitigate this

1) never store your 2FA codes for your accounts on the same password manager you use for your passwords (I'd go as far as don't use the same machine, to maximally decouple the 2nd factor from your passwords)
2) take measures to secure the machine to avoid compromise
3) don't sweat over it, if they only have the passwords without the 2FA codes for your logins nothing can happen and if you use a good security product this should not happen in the first place.
You said if they are hacked which is why I was talking about password managers, you're talking about using your password manager on a compromised device - obviously that's going to be a problem.