Before January 2022, a vulnerability was found in twitter's API that allowed access to account information, some of this information ranged from ID, verified status, generic information to more vulnerable information like phone numbers and email addresses. This issue was fixed on short notice but that did not stop the previously gained information to spread onto a unknown hacker forum.
With this information, people can send out phishing emails to anyone who have had the misfortune of having their email address included in the leak.