I think that this scare is overblown; the likelihood of millions of people being hacked is very low.
Yes and no. Millions of people are hacked all the time. Odds are good that social engineering or other exploits will be more useful anyways--most hacking of users doesn't even need to spy on the kernel or whatever except possibly as a means to defeat ASLR or the like for the initial exploit. The real risk, IMHO, was (and still is) hackers getting access to private keys on cloud services to escalate to getting signing keys which then can be used to sign malware, forge SSL certificates, etc. Trying to clean up that mess for a lot of businesses and trying to communicate well to users how to resolve it would be the worst of it. It doesn't help that most companies would pull an Intel and dissemble on what happened, be slow to acknowledge it happened, and generally try to shift blame away from the severity of it.
The real issue, IMHO, is that side-channel attacks on caches and speculation have both proved to be viable. Add in rowhammer, and it seems more and more likely that some day someone will decide to write a malicious worm and do a lot of damage on the internet. Ironically, we're better off now precisely because malware writers are mostly financially interested and they want the internet to keep functioning. I don't think that's going to last forever. My gut feeling is this is going to blow over like rowhammer mostly has; people (especially in infrastructure) are going to make a half-hearted attempt to address the issue, and someone grey hat is going to decide that the world needs to be "taught a lesson".