Apparently Xitter saw an access from Russia (even if it’s blocked by the government) and had no problem giving full access to immediately change the password, disable 2FA and start scamming followers.
It seems an easy attack to fix IMHO: if there is an access from Russia (or a country from the other part of the world) on a business account that always tweets from the same place, then deny access even with valid stolen session cookies.
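A sketch of the check proposed in the comment above, added here as an example; it is not part of the original thread and not the platform's actual logic. It goes slightly beyond the comment by separating a replayed cookie (deny) from a fresh login in a new country (re-authenticate before sensitive actions). The thresholds, action names, country codes and function names are assumptions.

```python
"""Geo-anomaly check for requests that present a valid session cookie."""
from collections import Counter

SENSITIVE = {"change_password", "disable_2fa"}  # assumed action names
MIN_HISTORY = 20   # assumed: posts needed before a baseline is trusted
MIN_SHARE = 0.05   # assumed: share of posts that makes a country "usual"


def usual_countries(post_countries):
    """Countries that account for at least MIN_SHARE of past posts."""
    counts = Counter(post_countries)
    total = sum(counts.values())
    if total < MIN_HISTORY:
        return None  # not enough history to call anything unusual
    return {c for c, n in counts.items() if n / total >= MIN_SHARE}


def decide(post_countries, session_country, request_country, action):
    """Return 'allow', 'step_up' (re-authenticate) or 'deny' (revoke session).

    session_country is where the cookie was issued at login;
    request_country is where the current request comes from (None if the
    geo lookup failed).
    """
    usual = usual_countries(post_countries)
    sensitive = action in SENSITIVE
    if usual is None or request_country is None:
        # No baseline or no location: never let the cookie alone authorise
        # account-takeover actions.
        return "step_up" if sensitive else "allow"
    if request_country in usual:
        return "allow"
    if request_country != session_country:
        # Cookie issued in one place and replayed from an unusual one:
        # the pattern a stolen session cookie leaves behind.
        return "deny"
    # Credentials were presented in the new country (e.g. travel):
    # allow ordinary use, but re-authenticate before sensitive changes.
    return "step_up" if sensitive else "allow"


# Constructed history: a business account that always posts from one country.
HISTORY = ["IT"] * 200
```

IP geolocation is coarse and VPN exits shift it, so a production check would normally feed this result into a broader risk score rather than use it alone.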
A shock to no one. With all the chaos with Xitter, I’m sure security isn’t a high priority.