Update: false alarm. 2FA is working properly for all users. Sorry for the inconvenience caused.
--
You can use SMS as second factor or a security key, if you have registered one. Already logged-in users are not affected.
We identified the issue and are working to fix it.