According to VICE, Syniverse operates text messaging for Verizon, T-mobile, AT&T, China Mobile and other mobile phone carriers. On September 27, 2021 it was revealed they had been hacked in May 2016. That’s five years of every text message’s sender, recipient, location info, and text itself could have been read by the hackers.
Passwords and two-factor authentication should not be sent by text. Instead use one-time password services from from services like Authy as your second source of authentication. If you have to send passwords via message, at least use a secure app like Signal, or a secure document accessible by only the people that need access to it.