The article suggests that many of the accounts in question may have come from phishing or from a third-party torrent site. This is a fine opportunity to talk about password security. I wouldn't be surprised at all if a fair number of accounts were compromised because of reused passwords.
There are some people who like to complain about password tracking tools like Password Safe and pieces of paper, but in all honesty, they work better than most brains. I would guess the average person can't remember more than two or three passwords at a time, and they're probably not very good ones at that. One of them is likely their ATM PIN of 1234. If you're some sort of super genius who can remember hundreds of passwords, and you read this blog, I don't believe you. Quite often the concept of perfect can interfere with our ability to get things done. In most instances, a perfect solution is unattainable, where good enough is possible and is better than it was previously.
Attacks like this have happened more than once; I've had it happen to me. I used to use a throwaway password for all my public mailman accounts (this was before I realized that mailman will randomly assign me a password, as I never actually need it). That password was later used to attempt to gain entry to the private archives of a list I'm on. I didn't use that password there, but this made me understand that it was time to get serious about my passwords. I now use a tool called pwsafe, which uses the Password Safe database format for storing passwords. I of course don't use this for any REALLY important passwords (I keep those in my brain, and they're not nearly as impressive as the pwsafe passwords).
If you're like most people, and use a couple of passwords everywhere, please stop doing that. Find a good password-generating tool, and either use a piece of paper or something like Password Safe to store them. The other big advantage of not using your brain to store passwords is that it's much easier to change them. How many of you have been using the same password for five years, because it's too annoying to think up a new good password? Lots of us do that; it's hard to change.
I'm personally not a fan of password maker. I think it's a suitable solution for some people, but I'm not willing to use it, I wouldn't sleep at night. My problem is that in the event a bad guy comes to have your default password maker settings, they have access to all your current and FUTURE passwords.
One solution is to have a random password (let's say aaaaaaa) that you prefix or suffix with context-dependent letters (let's say the first two letters of the website, and the first letter of the TLD).
So to log on example.org, the password will be aaaaaaaaexo.
The benefits are simple: we only need to remember the first password, and the scheme we use to generate the password. This is perfectly doable for most people, as this doesn't require much long-term memory. Yet this provides different passwords for different services, and the scheme can add enough complexity (i.e. here we take an 8-letter password and get an 11-letter one) to protect against brute-force attacks.
There are some problems however: if someone gets one password and figures out the scheme, you are screwed. And if you need to change the password somewhere, you will have to add an exception, and that's bad.
But I think the risks are quite low; the scheme can be made easy to remember but complex to figure out. As you say, good enough is the goal.