OK, let's see what we have here...
- Some social engineering
- One spearphishing email
- Lots and lots of "scary" demonstrations of what an attacker can do when they get root. ("OMG, they made my computer SPEAK TO ME!")
Anything new in this documentary? Hardly. Just the same well-known facts: If you can trick one person into handing over an account to an attacker, other accounts fall like dominoes. Duh. But the documentary (or rather, the article of the author/subject) fails to mention that there was hardly any classic "hacking" involved. If you can convince your mark to install malware on their machine, you can just as well try to convince them to hand over their laptop altogether. (You know, for "urgent repairs". Trust me, Apple sent me to pick it up.)
I'd rather like to know whether the people who fell for the social engineering calls were violating the rules, or if the protection/authentication rules of those companies are still not up to date.
One final thing: Both SSNs and credit card numbers are hard to keep secret. But yet they are still used as tokens of authentication, mainly in the US. As long as the majority of the people are content with keeping it this way, nothing will change (except the scope of breaches, which will continue to increase).