Hmm, Twitter say they've not been hacked...yet, the dark web offer includes current accounts? Well then if they weren't hacked, the data was handed over.
But, this is going to be the new normal. Two factor authentication for everything and that may not be effective eventually. To get into my system at work from my laptop at home, it's got a nifty two factor setup. I've an app on my phone, that the moment I try to log in sends a push notice. "are you logging in at boffowidgets.com?" I can say yes, and I get logged in...I say no and the browser window closes. Of course the IT department makes sure I change my PW monthly, and has rules about how to construct it. To my knowledge the mainframe has never been hacked, though occasional spam makes it's way into corporate email.