If you have live server access yes (you can do whatever you want at that point). But if you just have a data breach then no. A data breach of the public keys wouldn't require them to reset two-factor auth for the impacted users. An attacker would need each user's private keys to authorize login attempts and Twitter doesn't store that anywhere so it can't be breached en masse from them.