"The bug allows a hacker to log into an account using an email address and password, then bypass 2fa by entering a random code when prompted."

https://www.scmagazine.com/uber-says-bug-that-allows-2fa-byp...