[paulddraper]

It was encrypted.

(HTTPS/TLS)

[wglb]

That protects the data between the browser and the web server (or SSL offloader) from eavesdropping and tampering. It does not protect against the case where the attacker gains authorization, over HTTPS, to administrative access at the web server.

[paulddraper]

Right. So what hypothetical encryption was cody8295 referring to?

[FuckOffNeemo]

As stated above, the data was not encrypted at rest.

[paulddraper]

Encrypting at rest wouldn't have solved anything.

They didn't steal the disk. They gained access to the web server, which would have access to the unencrypted data.

[FuckOffNeemo]

The article specifically states that encryption in transit is provided but not at rest, which is what the OP is referencing too.