This is how I think things would probably happen in real life.
When an attacker cracks passwords in the hash table from some insecure forum they don't instantly get your bank account since (if it works like my bank) you aren't logging in with your usual online username or email address to the internet banking sites.
The forum has your username, hashed password (now assumed to be cracked) and the email you registered with.
The email account has to be sharing the same password (working out if users are prefixing "psn_" isn't worth the hackers time when there are thousands of other suckers who don't). With the email account now compromised the hacker has access to all your archived emails and knows of all the sites that you have registered for and can even reset your passwords if they wish to. Steam, WOW, ect. with access to the email account they can change the email account associated with it and sell if off.
Now if the victim happens to receive transaction statements in that same email account then now the hacker does have the bank and customer/account numbers needed to log on. Provided that the user has done all the wrong things (top500 password, reusing password on all sites) they are screwed. Sadly, as TFA argues, enough users do all the wrong things to make this highly profitable for the bad guys.