Do we know how the attackers accessed the github repo? If it was via malware on the employee's machine, or cookie theft then 2fa wouldn't have helped.