Or handing your credit card to anybody in any store or restaurant, or giving it over the phone to some anonymous customer service rep. Either way it can be stolen by whoever hears or sees it. Or when the database of numbers is compromised, as in this case. But that has nothing to do with how the legitimate transactions on the card were processed. It's all about the seller (or campaign) failing to protect the information. How do you even know that these credit card numbers were obtained from of on-line transactions? Many could have been over the phone.
I don't care how it was taken- It is a failure of electronic money. The moment that transactions can be made without a signature, anyone can access any account and bleed it dry. It is a faulty and absurd system, and is wholly irresponsible.