This is bizarre, and suggests some sort of additional, underlying problem that has not been disclosed.
According to finextra:
Online broker TD Ameritrade says an internal investigation into stock-related spam uncovered 'unauthorised code' in its computer systems that allowed illegal access to an internal database.
TD Ameritrade claims no customer assets or social security numbers were stolen, and the code only increased email spam to customers.
What does "unauthorized code" actually mean? I think someone broke into their system, analyzed their database code, and then patched that code to accomplish some particular goal. If intruders are sophisticated enough to modify protected code to send spam, they are smart enough to do other bad things as well. All this took place inside the TD Ameritrade security barrier. Serious stuff, indeed.
[via ZDnet colleague and fellow Enterprise Irregular Dennis Howlett]