Receiving two-factor codes through SMS texts to your phone number isn't the most secure way to set up the protection in the first place, because texts can be intercepted. It's better to use an authentication app, like Authy or Google Authenticator, that generates codes locally on your phone. That also has the ancillary benefit of allowing you to submit less personal data to tech companies in setting up security protections. But any two-factor is better than no two-factor. More importantly, you shouldn't have to make security decisions based on fear that massive tech companies can't handle basic data siloing.
This isn't the first time this type of violation has occurred, and it won't be the last. But let it be a reminder that every time you give your data to a company, no matter what they say it's for, it could end up being used for other purposes—specifically, other profit-driven purposes. For most people, it's infeasible to avoid giving out data like phone numbers and email addresses in day-to-day life. It's even tough to keep a lock on your Social Security number given how many businesses, utilities, and doctors' offices ask for it. And in a fair world, the onus wouldn't be on you in the first place. But being conscious of what you're giving out, and cutting back when it's possible, can have a real impact on your overall privacy.