Regarding flashing custom firmware on Ledger Nano S, is hidden account also compromised?
They've not yet proven that any account is compromised.
Just saw this link posted in a thread on Bitcoin Discussion:
https://www.ledger.fr/2018/12/28/chaos-communication-congress-in-response-to-wallet-fails-presentation/

It seems to confirm what I was saying. In short, they used a bug to install custom firmware in the bootloader, but did not access the secure element or manage to extract any PINs or seeds, and the bug will be patched in the next firmware version. I'm also pretty impressed by the response time from the Ledger team here.