I once had a functional bug where a MFA recovery email would receive the token, but the system would flag any further steps as ‘suspicious activity’. I also had an active gmail session via thunderbird, so I could easily have proven my claims legitimacy if required. Alas, there is no concept of support at google.
