The fact 2FA has been reset should be bold and center of this announcement. Many won't notice that 2FA wasn't requested on their next sign-in and will be less secure as a result.
Isn't one of the new features the ability to block instances at a user level?