CJ Security Hole Discovered
Woke up to find people discussing this security hole at CJ and how easy it would be to hack the info. They were posting internal files from one of CJ’s servers. I called some of my contacts at CJ, but they are closed for the weekend so I left a voice mail. One of the guys that helped discover it had this to say about the spider or bot that started the whole thing:
The funny part is that it’s a three-fold screw-up:
1. They have this machine publicly-accessible (it’s not their main web server, somebody actually put it on the outside).
2. This apparently wasn’t enough publicity for them and somebody ran/is running a crawler on this machine, which identifies the machine to all the sites it’s visiting.
3. There’s no authentication of any kind for this system.
Unsure how sensitive the info was or how long it was unsecured. The hole has reportedly been plugged sometime today. Original source that led me to the DP thread: Rusty Brick’s Seroundtable - Commission Junction Security Hole Discovered.




