Burglars Break Into Vudu Offices And Steal Hard Drives, Customer Passwords Reset

The offices of Walmart owned video streaming service Vudu experienced a break-in on March 24, 2013, and, in response to that break-in, the group has been forced to reset user passwords. Burglars stole various items from the company including customer data containing hard drives.

In an email to customers, Vudu CTO Prasanna Ganesan writes:

“Our investigation thus far indicates that these hard drives contained customer information, including names, email addresses, postal addresses, phone numbers, account activity, dates of birth and the last four digits of some credit card numbers. It’s important to note that the drives did NOT contain full credit card numbers, as we do not store that information. Additionally, please note if you have never set a password on the VUDU site and have only logged in through another site, your password was not on the hard drives.”

The company did encrypt user passwords on the stolen hard drives, and, for that reason, the risk to customer privacy is considered minimal. However, Prassana says Vudu reset customer passwords in order to be proactive.

Following the attack the company is suggesting that all users take the following steps:

SECURITY PRECAUTIONS:

If you had a password set on the VUDU site, we have taken the precaution of expiring and resetting that password. To create a new password, go to www.vudu.com. Click the “Sign In” button at the top of the page. Enter your current username and current password when prompted, then follow the instructions to reset your password securely. Also, if you use your expired VUDU password on any other sites, we strongly recommend that you change it on those sites as well.

As always, remember that VUDU will never ask you for personal or account information in an e-mail. Please use caution if you receive any emails or phone calls from anyone asking for personal information or directing you to a web site where you are asked to provide personal information.

As an added precaution, we are arranging to have AllClear ID protect your identity for one year at no cost to you. We have FAQs on our web site (vudu.com/passwordreset) to answer questions on the incident and to more fully describe how to use the AllClear ID service. We have reported this incident to law enforcement and are cooperating fully with their investigation. We want you to know that we take this matter very seriously, and we apologize for any inconvenience this may have caused you.”

Hacking of corporate servers has been on the increase lately but this is one of the first physical break-in attempts we have witnessed for potential user data mining purposes.