They exploited the use of MEW for open ports, like the ones used by google. Other companies choose to pay for specific DNS which can not be spoofed.
Also, the problem is on people just accessing some websites without taking care of the certificate warning.

Always look for this in any website you visit, even more when dealing with crypto wallets, otherwise the safest is to have a hardware wallet.