If you saved either the 2FA code key they give you when you first set it up, or the QR code image itself, an attacker would be able to use that to bypass 2FA.
I encrypt them with gpg immediatly. I wouldn't say that to be the weak point...
Is it possible that the machine you used to gpg encrypt them is compromised?