Because of the way it works, Apple Pay is not affected by this.
From what I can tell, it is a crude, brute force approach that will work if you use simple dictionary words as your password, and your email address is known (a given). It apparently samples a known email account and goes through a list of words in a list or dictionary.
If you use a secure password, with random characters, upper/lower case, and symbols, the account will be safe.
LOL!
I just had this thought-image of people naming their pet #ReDEE@oooY or lkOK*&*Kli%... so they’ll have an easy to remember password!
If you have a good password, good luck with trying to figure it out with a brute force assault. The Possible passwords are vast. You might as well find the key the old fashioned way at that rate, or torture the computer user for the key.