Vudu, a popular video service, has begun to warn its users that, though they have not been “hacked”, their office was broken into a few short weeks ago.
A few days ago, Vudu initiated a network-wide mandatory password reset because of a burglary at their main office. The hard drives went with all information that was stored on Vudu’s servers including names, passwords, email addresses, account activity, birth days, and even some credit card numbers for premium members. Fortunately, no credit card numbers in full were stolen because Vudu doesn’t store anything but the last four digits of any credit card.
Though the information on the hard drives was encrypted for the most part with state-of-the-art technology, Vudu Chief Technology Officer Prasanna Ganesan warns that even the toughest security can be broken. He warned all Vudu users to “proceed with caution,” and included information on how to reset passwords from home computers as well as a warning to change passwords that are similar or identical on other websites.
“We believe it would be difficult to break the password encryption, but we can’t rule out that possibility given the circumstances of this theft,” Ganesan wrote in the apology email that was sent out earlier this week. “So we think it’s best to be proactive and ask that you be proactive as well.”
The email did not include any details on why it took almost three weeks to warn Vudu users about this internal issue.
As an added bonus, the company is offering AllClear ID to all of its affected members free of charge for one year. AllClear ID is a popular alert network that keeps users in the loop about their credit, identity, and online safety.