A little while ago a number of people experienced a strange occurrence, receiving notification of an access to their eMail accounts at a time well out of their regular habits, The stated time of access in the message was identical in all their accounts, highly unusual. The message was encouraging users to enter a mobile phone number for 2-factor identification. It appeared to be a valid internal message from Oath/Yahoo.
If you get one of these then change your password anyway. And while 2-factor Id is great for banking and important things, I am cautious in using 2-factor for everything.
The 'Free Mail' sites are more and more pushing to get your phone numbers, while advertising at you, I suggest to all they many need to select a provider closer to home and pay for something more reliable.