Were the underlying cryptographic primitives ever bad (in a practical attack sense)? Even DES with it's 56 bit key was not cracked in a real targeted attack.
DES can be brute forced. RSA can as well, with key sizes that were once considered reasonable. MD5 and SHA-1 both have serious vulnerabilities.
Edit: it also used to be really common for people to use crappy, often homegrown primitives. How many systems were broken because the “encryption” was a simple xor with a fixed key or something? Now it’s very likely that the information you want to access is protected with something like TLS.
