We've known about this since reading an article about an intern working at RIM (now known as Blackberry) who built a sniffer well over 10 years ago. We have been transitioning away from 125kHz for several years. Now that the cost differential is negligible on new jobs we only quote smart card format. On existing clients we have notified them and look for opportunities to swap out if they upgrade old systems or do major addons. If you change out the readers to HID multiclass you can support older formats while issuing 13.56 credentials on anything new.
It will happen eventually, maybe slowly but at some point the format will be retired. I remember when Wiegand swipe cards were the standard and how many of those are still being used? A major vertical for us is condos and this is a big problem, especially in Toronto. In addition to losing control over who has access to facilities there have been stories of people renting out the building's guest suites on Air BNB and selling "fitness club memberships" using cloned 125 kHz credentials.
I agree that Bluetooth and NFC are still a bit too flaky for everyday use at present so the best you can do is advise your clients and make recommendations. If they can't/won't take your advice then so be it.
As for blaming ADI for selling insecure products I think that's a bit of a reach. They move boxes to make money. The products are legal and it's up to the person buying the product to understand the product's limitations and to determine if it's appropriate for the application. We rely on our own experience and expertise to be able to do the right thing for the customer. Expecting the distributor to do that is unrealistic, and in my view, unnecessary. ADI sells to the trade (well, mostly the trade) not retail consumers. The tradesperson should have requisite knowledge to design and install the system in accordance with the customer's requirements. Are they not "professionals"?
NOTICE: This comment was moved from an existing discussion: ADI Pushing Cracked 125 Khz Access Control