That's bizarre - but it still has me wondering how the FTP traffic got in, through NAT. If they weren't on the correct FTP port (21) the login attempts would not have registered at all. So I don't think uPNP is the final answer here, and would still check for any Port Forwarding settings on the HomeHub.

I'm a bit rusty on the issues, but I'm reading about some of the problems with uPNP, and they include security holes in its Internet Gateway Device spec. According to a report on Wikipedia, a Flash applet on a website can get a uPNP-enabled router to set up port forwarding, exposing a computer to internet attacks.