Insufficient Encryption

Update (April 19th 2009) - E!News provides additional interesting details about Josh Holly, the hacker who carried out the attack.

phpBB was known for years as one of the most insecure software packages out there. It is responsible for one for one of the 1st application layer worm, Santy back in 2004. How ironic is that its own web site was seriously breached due to a vulnerability in another software package used...

As a side story to ValueClick indictment of deceptive marketing by the FTC, the FTC investigation also found SQL injection vulnerabilities and lack of sufficient encryption of sensitive customer information. These findings contributed to the $2.9 million fine the FTC levied on ValueClick as well as to the company being dumped from managing eBay's affiliate program.