The original 2FA did not get thoroughly bypassed, because otherwise I would've lost my username, so that's false - at least, based on my experience.

However, there are separate vulnerabilities that allow for 2FA to be bypassed on Instagram. I assume they were chained to take over specific high-value accounts. The 2FA removal happens as a service - most people charge around $1,000+ - so it wasn't viable for most lower-value accounts. Anything that was worth over $1k probably had the bypass applied to it.