For those unfamiliar, there are some 2FA systems that send a one-time code to your phone number for verification, which is what Twitter uses. However, according to the company, it seems that your phone number which you provided to the company for use in 2FA might have been “inadvertently” used for non-2FA purposes.
According to Twitter, “We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware. No personal data was ever shared externally with our partners or any other third parties. As of September 17, we have addressed the issue that allowed this to occur and are no longer using phone numbers or email addresses collected for safety or security purposes for advertising.”
The company has also since apologized for the mistake. “We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again.”