Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number).

Main learning re twitter was:

> A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter.

I had seen the "phone numbers are insecure, don't authenticate with them" advice before, but did not realize this

@vitalik.eth besides removing phone number as backup, I would also recommend to 'lock' your account with T-mobile. It's more painful to switch eSims, but it gives you much better protection. I also suggest to add passcodes for messengers like Signal, Telegram and Whatsapp.