Dropbox Hacking Past Two-Factor Authentication Link

From SecurityAffairs.co:

For example to attack the DropBox account zuz.85@hotmail.com the hacker could register a fake account zuz……85@hotmail.com In the second step of hacking process the attacker has to enable two-factor authentication for the fake account he created to obtain the emergency code generated at the end of the process. The code allows DropBox users to disable two factor authentication from his account in case of loss or theft.