Apple ID password compromised - 2FA rescued - What next?

Solution 1:

You can ask for account data on https://privacy.apple.com and see if there is any active login. I don't remember if successful are counted only, or all.

Uncheck all irrelevant boxes and you'll soon get the email about data availability.

• Your Apple ID account details and sign-in records.
• Records of your Apple retail store and support transactions.

etc can be accessed. Source

Related write-ups

• Does apple automatically sign out all connected devices when you change the apple id password?

• Does someone know my (old) Apple ID password?

• If you think your Apple ID has been compromised Apple Support. however, this doesn't address the intermediate case of failed login.

• Two-factor authentication for Apple ID This mentions one more point of trusted phone numbers. Verification code could have been sent to a phone number too. So check your trusted phone numbers. They can be checked in Settings > [your name] > Password & Security.

Personal notes:

A failed 2FA is an indicator of failed login, thus as far as I can think, no other device has the login. Only trusted devices can log-in directly without 2FA code. If either your trusted devices or trusted phone numbers are physically captured, they can be used to log-in. Keychain items are visible only on devices, not on web. For iOS, in Settings > Passwords & Accounts > Website & App Passwords. For Mac, in Keychain access.

https://support.apple.com/en-us/HT203783#stored