Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vudu Resets User Passwords After Burglary

Posted by Soulskill on from the what's-the-bandwidth-of-a-running-thief-carrying-all-your-hard-drives dept.

New submitter Chewbacon writes "If you can't hack it, smash and grab it. Video streaming service Vudu has emailed customers informing them of the theft of hard drives containing customer information. CNET reports the information on the stolen drives included: names, e-mail addresses, postal addresses, phone numbers, account activity, dates of birth, and the last four digits of some credit card numbers. Vudu's Chief Technology Officer Prasanna Ganesan said while no complete credit card numbers were stored on the hard drives and expressed confidence in password encryption, he felt the need to be proactive with the password reset and encouraged users to be proactive as well should the encrypted passwords become compromised. Vudu fails to mention, perhaps in a downplaying move, the last 4 digits of a credit card and much of the other information stolen is often enough to access an account through virtually any company's phone support."

3 of 42 comments (clear)

  1. Re:cheap bastards by cbiltcliffe · · Score: 3, Insightful

    Maybe they had a night watchman, and he's the guy that stole the drives.

    --
    "City hall" in German is "Rathaus" Kinda explains a few things......
  2. Last 4 digits = bullshit by Anonymous Coward · · Score: 2, Insightful

    Wish I knew which fucktard started that. The first 4-6 digits identify your card issuer, so if I knew you had a discover card (6011) and the last 4 digits, it would halve the search space for your card and LUHN will take care of a huge chunk of the rest. I once freaked out a coworker by reading her credit card number aloud as she typed it from across the room - she had the same university CC I had, the first 8 digits were the same. Look in your wallet and tell me how many cards you have from the same bank? If you were given back the first 4 digits of the card # on your receipt, you'd know exactly which card you used. Nobody else needs to know.

  3. A secret you have to tell everyone by jbmartin6 · · Score: 3, Insightful

    It strikes me as a little silly to think that the type of personal information on those drives is somehow going to stay a secret. You have to give it to dozens of organizations: banks, employers, stores, and so on. So using this information as a security identifier is a very flawed approach. We seem to accept this since the level of fraud is tolerable. Plus the alternatives such as smart cards are extremely expensive to implement across all of society.

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.