This is now resolved and was caused by a RTC (real time clock) timing issue on one front end server causing API tokens and 2FA/OTP keys to expire too early compared to the user request. All servers rely on NTP but the shift appears to have stopped this enforcing the correct time due to the regular time shift by a value considered too great.
Due to the sticky nature of the load balancer always forwarding a matching IP/hash to the same front end server unless down, it only affected those who originally saw the issue.
The underlying chassis has been replaced to resolve the issue whilst further hardware investigation will go whilst offline.
