For all we know all users who recently purchased tuners could have had their credit card numbers stolen.
Unlikely, as those were handled through Digital River, not through SonicBlue.
In any case, it's rare for a web server to be the same machine as the one that stores the financial transaction data, so even if a web server is compromised, it doesn't necessarily mean any user data was compromised.
That's not to say that this sort of thing hasn't ever happened. Doug Burnside can testify that it has, indeed happened to some companies in the past.
___________
Tony Fabris