Companies should quickly realize that ChatGPT can go both ways - it can turn a "script-kiddie" into fully fledged hacker if vulnerabilities continue to be this sloppy. I am fairly certain that low-skill hacker sweatshops already heavily rely on LLMs to quickly exploit trivial vulnerabilities like these.
Like it or not but I feel like account logins, PII and payment stuff will have to be handled by central big orgs. Ideally, I would like that to be a competent open-source government service. For now it is big companies like Google that can shove its SSO around in accessible manner to other sites.