Hacker News

This is a mobile operator problem, not Twitter's. How on earth can the mobile operator hand a SIM card to someone else?!



This was a problem before Twitter allowed 2FA via SMS, so I'd argue this is very much a Twitter problem.

Afaict this all stems from mixing verification with authentication, where verification may be required when creating an account and authentication (and possibly more verification) when using the account.


And even more simply, verifying the user is a "real person" in contrast to verifying the user is the "right person".


How does that help? Surely the attacker is a real person too.


Because people get new sims and legitimately transfer their numbers _all the time_.

I'm not saying they shouldn't put more effort into verifying the transfer; I'm just explaining why it's quick and easy and they don't invest in checking much.


Twitter is the service that accounts are being stolen from. There exists a trivial solution to the problem (stop allowing people to reset accounts via only SMS verification).

As a user, I'm at risk because Twitter is refusing to implement that trivial protection.

I don't care whose fault it is, but it is very much Twitter's problem.
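An added example, not from the thread and not Twitter's actual implementation, that models the verification/authentication distinction drawn earlier in the thread as a password-reset policy: the SMS-only rule this commenter objects to beside a policy that treats possession of a phone number as verification only. All factor names, function names and the enrolled-factor scenario are assumptions constructed for illustration.

```python
from enum import Enum


class Factor(Enum):
    SMS_CODE = "sms_code"             # proof of control over a phone number, nothing more
    TOTP = "totp"                     # authenticator app enrolled by the account holder
    RECOVERY_CODE = "recovery_code"   # one-time backup codes handed out at enrolment


# Factors that only "verify": a reachable person controls this channel right now.
# Numbers are legitimately re-issued and ported all the time, so an SMS code can be
# produced by whoever currently holds the number, not necessarily the account holder.
VERIFICATION_ONLY = frozenset({Factor.SMS_CODE})
# Factors that "authenticate": bound to a secret the account holder enrolled.
AUTHENTICATING = frozenset({Factor.TOTP, Factor.RECOVERY_CODE})


def sms_only_reset(presented: set, enrolled: set) -> tuple:
    """The policy the thread objects to: a valid SMS code alone unlocks a reset."""
    if Factor.SMS_CODE in presented and Factor.SMS_CODE in enrolled:
        return True, "reset granted on SMS code alone"
    return False, "no SMS code presented"


def layered_reset(presented: set, enrolled: set) -> tuple:
    """Hardened policy: SMS may confirm the channel but never authenticates by itself."""
    usable = presented & enrolled           # ignore factors the account never enrolled
    if not usable & AUTHENTICATING:
        if usable & VERIFICATION_ONLY:
            return False, "verification factor only; route to manual recovery"
        return False, "no enrolled factor presented"
    return True, "reset granted: enrolled authenticating factor presented"


def sim_swap_scenario() -> dict:
    """Constructed scenario: a third party now holds the victim's number and nothing else."""
    enrolled = {Factor.SMS_CODE, Factor.TOTP}
    number_holder = {Factor.SMS_CODE}               # can receive the SMS, has no TOTP secret
    account_owner = {Factor.SMS_CODE, Factor.TOTP}
    return {
        "sms_only_number_holder": sms_only_reset(number_holder, enrolled)[0],
        "layered_number_holder": layered_reset(number_holder, enrolled)[0],
        "layered_account_owner": layered_reset(account_owner, enrolled)[0],
    }


if __name__ == "__main__":
    print(sim_swap_scenario())
```

Under the SMS-only policy the current holder of the number passes; under the layered policy the same input is refused and the genuine owner still gets through with the enrolled TOTP factor.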



