Twitter's data collection/friend matching feature used an API endpoint that returned usernames given phone numbers. A security researcher exposed it publicly, Twitter patched it (to just return a token or something). Twitter investigated and just released their findings "out of an abundance of caution and as a matter of principle." that it's clearly been "exploited" many times in the past. Twitter probably charges for the data returned by this "exploit". It doesn't look like the settings offered stop Twitter from selling this "exploit" as a service for "promotional" content.
It's seems strange not care that Twitter sells your username but care they also accidently gave it out for free in the past.
Twitter's data collection/friend matching feature used an API endpoint that returned usernames given phone numbers. A security researcher exposed it publicly, Twitter patched it (to just return a token or something). Twitter investigated and just released their findings "out of an abundance of caution and as a matter of principle." that it's clearly been "exploited" many times in the past. Twitter probably charges for the data returned by this "exploit". It doesn't look like the settings offered stop Twitter from selling this "exploit" as a service for "promotional" content.
It's seems strange not care that Twitter sells your username but care they also accidently gave it out for free in the past.