https://krebsonsecurity.com/2018/08/reddit-breach-highlights-limits-of-sms-based-authentication/
Of particular note is that although the Reddit employee accounts tied to the breach were protected by SMS-based two-factor authentication, the intruder(s) managed to intercept that second factor.