Not too shocking
This isn't too shocking. Given the computing power of equipment of the last few years or so, and the ease and cost of building your own cluster (or, for non-ethical companies, renting a botnet to act as a cluster) and running a distributed program to run the factorization necessary to crack a password, it was only a matter of time.
This is one of the reasons I'm completely against biometrics used as passwords. Typed passwords can be (and often are, in enterprise settings) changed frequently. Knowing this month's password doesn't help you next month or next year. Biometrics, on the other hand, never change. You cannot change your fingerprint. So you will be using the same password forever. Isn't that exactly what security professionals explicitly tell us NOT to do? In other words, biometrics will make our data LESS secure.
One other thing to consider about biometrics is that they act exactly the same as passwords do now, except the "password" is a number based on the biometric data instead of text you typed in. From that point, it's exactly the same -- the input mechanism sends the password to the program, and the program stores it or compares it against the stored hash. So in order to crack a biometric, all someone needs to do is get a copy of the password hash and run the same exact factorizations they currently do. Once they have the correct number, they just need a way to input it into the system (bypassing the biometric reader).
Having said all that, do I have an answer or even a suggestion? Unfortunately, no, I do not. And while I know it's appropriate to come to the table with answers instead of just negative opinions, I have no idea what can be done. It seems that we will always be playing catch-up in the persistent-password arena. The only thing I can see, and it certainly is not a good workaround, is to use ridiculously long hashes (RSA-16834, anyone?). But even those will eventually be cracked by more powerful computers or clusters. Perhaps the answer is something like SecurID, a token which changes every minute or so. The problems with that are: A) cost, B) receiving the signal, and C) dependence on one company.