Vudu Resets User Passwords After Burglary

New submitter Chewbacon writes "If you can't hack it, smash and grab it. Video streaming service Vudu has emailed customers informing them of the theft of hard drives containing customer information. CNET reports the information on the stolen drives included: names, e-mail addresses, postal addresses, phone numbers, account activity, dates of birth, and the last four digits of some credit card numbers. Vudu's Chief Technology Officer Prasanna Ganesan said while no complete credit card numbers were stored on the hard drives and expressed confidence in password encryption, he felt the need to be proactive with the password reset and encouraged users to be proactive as well should the encrypted passwords become compromised. Vudu fails to mention, perhaps in a downplaying move, the last 4 digits of a credit card and much of the other information stolen is often enough to access an account through virtually any company's phone support."

Re:cheap bastards

[cbiltcliffe]

Maybe they had a night watchman, and he's the guy that stole the drives.

Re:cheap bastards

[lxs]

Who watches the watchmen.

I know! That movie is like three hours long.

A secret you have to tell everyone

[jbmartin6]

It strikes me as a little silly to think that the type of personal information on those drives is somehow going to stay a secret. You have to give it to dozens of organizations: banks, employers, stores, and so on. So using this information as a security identifier is a very flawed approach. We seem to accept this since the level of fraud is tolerable. Plus the alternatives such as smart cards are extremely expensive to implement across all of society.

hard drive encryption, anyone

[Lluc]

How much do you bet this data was copied onto someone's laptop, sitting on a desk, rather than a thief breaking into a datacenter and pulling an entire server?