Good news
All this IoT malarky is going to have to tighten up, and this kind of massive screwup is just the thing needed to bring big guns to make it happen.
IoT makers do not care if a consumer gets his kit hacked, but if a Google or major ISP gets into the legal game with a valid claim that the IoT maker did not do its due diligence in preventing massive communication disruption, that might start turning a few heads.
Likewise, it is impossible to use a lawsuit to prevent Joe User from getting his PC infected, but it is quite easy to demonstrate that equipment made by a specific company is the source of a problem.
I'm hoping this will happen and shake things up in the dismal security landscape of IoT.