Security Experts:

Office Break-in Prompts Vudu to Warn Customers

Vudu, a subscription-based digital entertainment service, says that crooks walked off with a number of items, including hard drives when they broke into their offices last month. The company says the delay in notification was due to a request form law enforcement investigating the break-in.

The company stresses that their corporate website wasn’t hacked, but that thieves broke into their offices on March 24, 2013. The next day, when the break-in was discovered, an inventory discovered a number of missing items, including hard drives containing account information.

Vudu says that the drives themselves contained names, email addresses, postal addresses, phone numbers, account activity, dates of birth and the last four digits of some credit card numbers. Complete credit card details are not maintained by the company, but they are playing it safe with regards to the other data and have reset everyone’s password.

“While the stolen hard drives included VUDU account passwords, those passwords were encrypted. We believe it would be difficult to break the password encryption, but we can't rule out that possibility given the circumstances of this theft. Therefore, we have reset all customer passwords,” Vudu said in a statement.

“It is possible that you could get spam email, emails asking for personal information, or emails asking you to click on links to other websites. As always, you should never provide personal or account information in response to a call or email claiming to be VUDU (or anyone else) and you should avoid clicking on links in emails you were not expecting.”

In addition to the warnings, password resets, and strengthened password requirements, customers will be notified of the breach by email, and given additional instructions as to how they can enroll in a free credit monitoring service.

Not everyone qualifies for this, only those with passwords on the service will be eligible. 

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.