ok true, but the issue as i see it here ( and reading on / watching other creators who faced similar issues) is that the hack is using session cookies and the lack on google's side where there is no 2fa or pw re-entry needed when changing credentials. a seperate machine (stripped and fortified) and not using accounts on other machines is maybe a crude solution but one that is already safer than just nothing.
i had no idea that it was possible.