Not sure I'm with you on the "responding well" part. Why blog about it before even notifying your customers? And Joe's whole post seems fairly low-key given that this was a security breach and security is their entire business.
In the comments, they indicate that they're in the process of sending out emails to users. Sending lots of emails takes some amount of time; hopefully those are arriving in inboxes now.
It's low key given the impacts as they understand them now, but seems reasonable unless there's more to it than it currently known. We'll see how things develop in the coming days - just being forthcoming days after it was detected and providing guidance on how to respond is commendable though.
