This sounds like good news for Apple Pay users.
Because of the way it works, Apple Pay is not affected by this.
From what I can tell, it is a crude, brute force approach that will work if you use simple dictionary words as your password, and your email address is known (a given). It apparently samples a known email account and goes through a list of words in a list or dictionary.
If you use a secure password, with random characters, upper/lower case, and symbols, the account will be safe.