It probably does not have any merit, IMHO.
The outfit that announced this "discovery" (local to me, BTW, and they have a new office across the hall from a client of mine) indicates they get their information from chat rooms and discussion groups frequented by hackers. They (Hold Security), to the best of my knowledge, have not released any details that could be used to substantiate these statements.
IMHO, this is an effort by an outfit to make a name for themselves. Here, look at the Wikipedia article they apparently created about their announcement:
http://en.wikipedia.org/wiki/2014_Ru...password_theft
FWIW, these types of attacks would typically not net actual passwords, but hashes of passwords. You would need the key and the hash to get the actual password. But again, I'm doubting anyone has 1.2 billion of anything at this point.