I actually am coming to the conclusion that 2FA is dangerous. It's recommended any time there's any kind of breach as if it were some kind of panacea for security, when in most cases the cause of a security breach is a database intrusion.

2FA keys are stored unencrypted so if the db is breached they're already cleartext (no boil the oceans bcrypt collision needed) and the extra layer of security theatre from 2FA only encourages bad practices like password reuse & easy passwords.

2FA can prevent future password phishing attempts when your users table is compromised.

It's a bit of a redirect in terms of what happened with Slack though and not worth mentioning after the fact.

Agreed: 2FA protects against password leaks on other sites from being applied to the system in question. In this case it would have been more reassuring to hear them disclose what was the attack vector (e.g. social engineering, email trojans, etc) and explain how they will reduce the chance of a similar compromise in the future.