It turns out that not only were the accounts of millions of Ashley Madison compromised, the site was incompetently implemented (in security terms) above and beyond the breach itself, making the majority of passwords crackable in short order. ArsTechnica has a writeup on the programming blunder in Once seen as bulletproof, 11 million+ Ashley Madison passwords already cracked.
Who’s to say that any particular institution or business has not made similar blunders?
The bottom line is simple: the Cloud is not a safe place, period. And it won’t ever be. It doesn’t matter which company is involved, or whether 99/100 sites are secure 99% of the time. All it takes is one compromised site (people re-use password, login with FaceBook, etc), one backdoor, one programming mistake and *poof* — bye bye money. It is the classic when-not-if scenario.
If you have substantial financial assets, MPG advice is to look with skepticism upon any bank or brokerage or similar that does not offer some kind of two-factor authentication (password + hardware token or similar), limits on withdrawals, etc. And turn on account alerts. For example, within seconds of making a purchase, deposit, transfer, etc, my phone gets an SMS message from my bank. If I have not actually done so, such alerts give me immediate warning of trouble. I also place daily limits on payments and transfers.
Nothing is foolproof and all conveniences have risks. Minimize the risks, don’t keep all assets in one place, and never, ever re-use passwords or similar ones. More on password security.