Reddit gets hacked.
Reddit announced that between June 14 and 18 an attacker compromised a few employee accounts and gained access to backup data, source code and logs. Specifically, they downloaded an archived backup of all Reddit data from 2007 and before, including account credentials, email addresses and public and private messages. The data that were compromised were mostly old, dating to 2007, and therefore probably stale (TechCrunch). Reddit is working with law enforcement, and is reaching out to users who may have been affected.
The vulnerability exploited apparently came down to a two-factor authentication failure: the hackers defeated two-factor authentication with SMS interception. Reddit doesn't use SMS for two-factor authentication, employing the more secure tokens instead as their additional factor, but one of Reddit's providers apparently did use SMS (WIRED).
The incident ought not to discourage users from two-factor authentication as such. Time-based, one-time-password authentication apps are not susceptible to the sort of interception that affected Reddit (Hot for Security).