If RSA 2-factor tokens can be hacked (or "stolen" I guess, but the effect is the same), there's not much hope for the rest of us. Still a whole lot better than not doing 2 factor.
The point of multi-factor authentication is not that the additional factors are infallible. Rather, the point is, when one factor fails, there remain other factors still in place.
When RSA was compromised, accounts in which RSA was used as an additional factor remained protected by their remaining uncompromised factors - allowing time to replace the RSA factor.
