The tech community has known about the risk of using SMS in two-factor authentication for years. Reddit appears to have missed the memo.