Fun times. Raivo, the some-time-in-the-past-open-source 2FA app I switched to on my iPhone a few years ago while degooglizing my life, got quietly sold to a shady company by the original developer Tijme Gommers, and an update they pushed a few days ago wiped all my passwords from my device, with no apparent option to recover.

https://news.ycombinator.com/item?id=40523411

#Raivo #Security #2FA

Raivo OTP just deleted all tokens after update and is now asking for money | Hacker News

I am not as fucked as I could be because I have recovery codes downloaded or alternative (SMS) methods set up for (hopefully) everything, but I do not have a backup of the security codes that allows a quick recovery or import to a different app.

I will have to do the tedious work of setting everything up one-by-one again. To make things difficult, some of the recovery codes are on paper, currently 800km away from me.

Some people reported the app asked for a ransom for restore/export.

Would have been a great opportunity for them to make some money on me, had they done so, but that did not happen in my case.

This is also a good test of how good/bad 2FA recovery and update procedures are at certain services.

Google, Fastmail and Dropbox for example were pretty good; you don't even need a recovery code if you still have an active session somewhere and know the password.

Worst offender is one of my domain registrars: their 2FA QR code generator is broken because they use a now-retired Google Charts API.
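Added example, not part of the original post and not Raivo's code: the QR code a service shows at 2FA setup only encodes an otpauth:// text URI, so keeping that URI (or the base32 secret) is the backup that makes re-import into any other authenticator quick, independent of any QR service. The script builds such a URI, parses it back and computes the RFC 6238 TOTP code so the backup can be checked against what the app shows; the secret is the RFC 6238 test vector and "Example"/"alice@example.com" are made-up names.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional
from urllib.parse import parse_qsl, quote, unquote, urlparse

# Constructed sample: the RFC 6238 test secret "12345678901234567890", base32-encoded.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def otpauth_uri(issuer: str, account: str, secret_b32: str,
                digits: int = 6, period: int = 30) -> str:
    """Build the otpauth:// Key URI that a TOTP provisioning QR code encodes.
    Kept as plain text (e.g. in a password manager) it re-imports into any app."""
    label = f"{quote(issuer, safe='')}:{quote(account, safe='')}"
    return (f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer, safe='')}"
            f"&algorithm=SHA1&digits={digits}&period={period}")


def parse_otpauth(uri: str) -> dict:
    """Parse a TOTP otpauth:// URI back into its fields; reject anything else."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    params = dict(parse_qsl(u.query))
    if "secret" not in params:
        raise ValueError("secret parameter missing")
    issuer, _, account = unquote(u.path.lstrip("/")).partition(":")
    return {"issuer": params.get("issuer", issuer), "account": account,
            "secret": params["secret"], "digits": int(params.get("digits", 6)),
            "period": int(params.get("period", 30))}


def totp(secret_b32: str, at: Optional[int] = None, period: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, the default almost every service uses."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))  # tolerate unpadded secrets
    counter = (int(time.time()) if at is None else at) // period
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def code_from_uri(uri: str, at: Optional[int] = None) -> str:
    """Round trip: parse a backed-up URI and produce the code the app would show."""
    f = parse_otpauth(uri)
    return totp(f["secret"], at, f["period"], f["digits"])
```

With `at=None` the code is computed for the current time, so `code_from_uri(otpauth_uri(...))` should match the authenticator app's display for a freshly saved URI.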