They did not brute force a single private key, though. What they did was brute force brain wallets, which is something completely different.

Brain wallets take a human entered string - such as a word, phrase, or random characters - and use it as an input to a hash function. The output of the hash function is used as a private key. If you guess the input, then you can work out the private key. Since humans are terrible at being random, terrible at coming up with passwords, and terrible for reusing these passwords, many people reused passwords they used elsewhere as brain wallets, or used a line from a book, a lyric from a song, a movie quote, and so on. All of these are easily guessed.

There are multiple databases of thousands of hacked brain wallets, and there are bots constantly monitoring millions of brain wallet addresses ready to steal any coins which are sent to them. None of this is the same as brute forcing a private key.