This topic is kind of reiterative, and crops up every couple of weeks or so. Nevertheless, it is an important matter to take into consideration and should be a concern.
Lately I’ve seen emails of scammers claiming that they have cracked people’s email account and have access to such and such. Normally these cases are not direct hacks on your email account, but derived from having provided the same credentials on a given website as you use on your email account.

2FA is an important safety feature, but just as important is to make sure you protect your 2FA backup codes properly or better still, use something like Authy that allows you to backup your 2FA on the cloud in an encrypted manner. I’ve seen quite a few cases of people using Google Authenticator on their mobile device, and then having a rough time accessing their accounts when the device breaks or gets stolen.