But the dynamics of token interaction are somewhat different. They have limited validity – meaning attacks are likely going to target more diverse groups of individuals in one-off attacks, as opposed to ammassing victims for repeated attacks. That's going to be a niusance to crime-fighting organizations. Implications of a token theft are also more layered: the attack can only go as far as the token's permissions do. Assuming that there is no exploitable vulnerability in the underlying authentication and authorization technology.
It could be interesting watching for the first token-attacks.
Tokens are the new passwords
What logging in with Facebook, Google, Twitter, and co. means for your online safety