Just to clarify a few things from other comments. SMS MFA is still leagues above not having MFA for security. It’s not great but it will protect you in like 80% of cases where you would’ve been hacked if you didn’t have MFA at all.
The primary problem with services that require any additional data from you though is that is an additional source for a leak. The same thing goes for name, address, phone number, etc. Phone numbers can be added to scam call lists which open you up to additional breach opportunities in the future, SIM swapping attacks, or even just using it as a number to spoof for other attacks.
For most accounts that I don’t care about I would be reluctant to give my number as for those sites I value privacy over security, but that’s a separate discussion.
Just to clarify a few things from other comments. SMS MFA is still leagues above not having MFA for security. It’s not great but it will protect you in like 80% of cases where you would’ve been hacked if you didn’t have MFA at all. The primary problem with services that require any additional data from you though is that is an additional source for a leak. The same thing goes for name, address, phone number, etc. Phone numbers can be added to scam call lists which open you up to additional breach opportunities in the future, SIM swapping attacks, or even just using it as a number to spoof for other attacks. For most accounts that I don’t care about I would be reluctant to give my number as for those sites I value privacy over security, but that’s a separate discussion.