In mid-June, an attacker broke into a few of Redditโs systems and managed to access some user data using compromised employee accounts. It could be another data breach, but it’s not. Why? The compromised accounts were protected by SMS-based 2FA. Is basic two-factor authentication no longer enough?
