TL;DR: If your password is compromised or you're using the same password on poloniex and on other sites, an attacker can get access to your account bypassing 2FA and email verification. To be safe use an unique and strong password.
Can anyone confirm this?
To be safe, don't use polo!