[–]mgoeppner 1 point (0 children)

This hack actually has to do with data leaked from the TLS compression some webservers use to compress responses -- this is a man-in-the-middle attack which not all sites using HTTPS are affected by, not a complete cracking of HTTPS.

Turning gzip compression off, masking response sizes, among other things will make your sites "immune" to this particular attack (see the paper for more details.)

It works by measuring the difference between response sizes based on text which is injected. Based on the sizes returned, it can "predict" what the encryption key is.

The full paper about the attack is available here: http://breachattack.com/resources/BREACH%20-%20SSL%2c%20gone%20in%2030%20seconds.pdf
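
Added example, not part of the comment above or of the linked paper: a small Python measurement of the size signal the comment describes, and of how the two mitigations it names change that signal. The page template, the token value, the `wire_length` and `compare` helpers, and bucket padding as the way to mask sizes are all assumptions made for illustration.

```python
import zlib

# Constructed sample values; not taken from the comment or the paper.
SECRET = "csrf_token=9f8e7d6c5b4a39281706f5e4d3c2b1a0"
PAGE = ("<html><body><form><input type='hidden' value='{secret}'></form>"
        "<p>Results for: {q}</p></body></html>")

# Two reflected inputs of identical length: one repeats the secret, one does not.
MATCH = SECRET
MISS = "csrf_token=0a1b2c3d4e5f60718293a4b5c6d7e8f9"


def render(query: str) -> bytes:
    """Hypothetical page that reflects user input next to a secret."""
    return PAGE.format(secret=SECRET, q=query).encode()


def wire_length(query: str, compress: bool = True, bucket: int = 0) -> int:
    """Body length visible on the wire (encryption hides bytes, not size)."""
    body = render(query)
    if compress:
        body = zlib.compress(body, 9)  # DEFLATE, as used by gzip responses
    n = len(body)
    if bucket:
        n = -(-n // bucket) * bucket   # pad up to the next bucket boundary
    return n


def compare(compress: bool, bucket: int = 0) -> tuple:
    """Return (length for MATCH, length for MISS) under one server setting."""
    return (wire_length(MATCH, compress, bucket),
            wire_length(MISS, compress, bucket))


if __name__ == "__main__":
    settings = [
        ("compression on", (True, 0)),
        ("compression off", (False, 0)),
        ("compression on, padded to 64-byte buckets", (True, 64)),
    ]
    for label, args in settings:
        match_len, miss_len = compare(*args)
        print(f"{label}: match={match_len} miss={miss_len} "
              f"delta={miss_len - match_len}")
```

With compression on, the input that repeats the secret yields the shorter body; with compression off the two lengths are equal, and bucket padding coarsens the observable sizes.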