According to some guy on reddit you are correct: https://www.reddit.com/r/crypto/comments/3et3va/why_does_tot...

The post also gives a justification for using symmetric encryption, it lets the tokens users enter be shorter.

What exactly are you asking here? I read it as saying the 2FA somehow "leaks", but that doesn't make sense, so I think I've misunderstood you.

Hardware/Software 2FA tokens are based on a PRNG with a shared seed. If the table with passwords was accessed it's likely the table with 2FA seeds is hacked.

Twitter uses a one-time code sent via sms so I don't think this would be an issue unless the hack is persistent.

> Hardware/Software 2FA tokens are based on a PRNG with a shared seed. If the table with passwords was accessed it's likely the table with 2FA seeds is hacked.

Oh, damn. Thanks for pointing this out. I'd never looked into the details of HOTP or TOTP -- I assumed they were using public-key crypto rather than just a hash of shared values. That sucks. :(

Almost everyone here was talking about a leaked database of accounts, so I went with that if the database leaks, shared secret 2FA is useless.

The article says data may have come from user input, so yeah, 2FA would actually help there and wouldn't "leak".