Email addresses and phone numbers provided to secure user accounts were accidentally shared with marketers. Twitter account holders who provided an email address or phone number to enable multifactor authentication may have had their data used for advertising purposes, Twitter reports.
Source: Dark Reading