The Washington Post reports that e-mail and phone numbers used to log in to Twitter were hacked in late 2021. Two factor authentication is your friend. I deleted my Twitter account two months ago, but the data has been out there for a year or so:
Thanks for bringing this one to our attention!
If one wants to further educate and, perhaps, depress themselves; have a peek at Have I Been Pwned. You can check both email addresses and phone numbers. I have compromised email addresses but my phone numbers, thankfully, remain unpwned.
Two factor authentication is your friend.
Yes, but not so much if relying on SMS (text message) for the second factor as too many sites choose to do. SMS is 1990s technology never intended to be deemed secure. If available as an option; a token app such as Authy or Google Authenticator is far more secure.
I think more important than multi-factor authentication are unique strong passwords for each site and using a password manager. Reusing the same password on multiple sites is asking for trouble.
Have I Been Pwned suggests 1Password. I use open source Bitwarden. Stay away from LastPass, which has itself been breached.
Thanks rolandh for posting the Have I Been Pwned link.
I tried it and my gmail account (which I use for Twitter) had been. I had changed the password about 2-3 months ago to a really long one, and so far, nothing has happened.