Reddit provides a transparent report on a recent breach. The attacker succeeded in phishing an employee. However, "soon after being phished, the affected employee self-reported, and the Security team responded quickly."
It's good to see there seems to be a positive culture around security and that the compromise was handled relatively quickly.
However, the post still repeats the trope that humans are the weakest link. They're not. Humans are betrayed by bad threat models along with insufficient tools and processes. Even the xkcd comic they link to speaks to this -- your threat model should include that $5 wrench and, depending on the risks that come with compromised credentials, consider something like a $50 Yubikey to counter it.
(We could also mention threats to employees, personal threats for owners of large cryptocurrency wallets, or insider threats from individuals who have legitimate credentials for illegitimate purposes. But let's just kill the trope, not the joke.)