That is what boggles my mind that someone got in DESPITE 2FA being active on ALL my accounts.
Which 2FA method?
Google has several different options for 2FA, there is one where you open the Gmail app on your mobile phone, another uses Google authenticator, and I believe there is also a phone number verification also. So which one were you using at the time of the hack?