If you're already logged in to a Twitter account you can deactivate 2FA by disabling the account (aka deleting with a 30 day window) and then re-enabling the account.
Yup. The interesting thing is that this 2FA exploit was posted to hacker news two days before the twitter hack. It's possible someone seized the opportunity before it was fixed.
My apologies, perhaps my memory was failing me. I can't find what I was thinking of and may have been incorrectly remembering this as twitter instead of google: https://news.ycombinator.com/item?id=23792767
