Also don't think op's seed was exposed/or it came from electrum because there would be no need for the hacker to disable blockchain.com's 2fa... As pointed above, it's pretty easy if you have access to the email account: you just need to approve the email request and your 2fa is gone. I think you can try to request account logs to blockchain.com, it's likely that they deleted corresponding emails.
Whatever the case, you should drop blockchain.com. Even for small amounts, there are better ones out there.
I am just wondering if the 2fa would automatically be switched off if someone used the seed phrase because then it would not really matter, when you have the seed phrase all the security no longer matters