In 2021 it was revealed that it was possible for an attacker to 'scrape' information about subscribers that should have remained confidential. In particular, it enabled the attacker to match email addresses to phone numbers -- where subscribers had provided their phone number [this is one of the main reasons that I recommend that folks do not use text messages (SMS) as means of 2FA]