Vudu has issued a mandatory password reset for its users after experiencing a security breach late last month. With these types of stories, "security breach" usually implies that a hacker has compromised a company's servers remotely, gaining access to sensitive information through digital means. That's not the case here.
Instead, Vudu's robbers took the less glamorous approach of physically breaking into the company's office on March 24 and stealing various items, including hard drives that contained user data. The Walmart-owned video streaming service's investigation has revealed that the stolen drives held customers' names, email addresses, postal addresses, dates of birth, phone numbers, account activity and the last four digits of some credit card numbers.
However, on the bright side, Vudu has stressed that the drives didn't contain full credit card numbers, which the company doesn't store. Additionally, folks who log into the service through other sites and haven't set up Vudu-specific credentials shouldn't have to worry about their passwords.
Users who set up a Vudu password don't necessarily have to panic either as they were stored in an encrypted state. Nonetheless, the company has forced a password reset across the board and it's encouraging users who use their Vudu password on other sites to change those too. "We believe it would be difficult to break the password encryption, but we can't rule out that possibility given the circumstances of this theft," Vudu CTO Prasanna Ganesan wrote in an email to subscribers. "So we think it's best to be proactive and ask that you be proactive as well."
The company has a detailed FAQ page covering the break-in, including information about how to reset your password and eligibility for free identity protection services from AllClear ID that will cover affected users for a year starting from yesterday, April 9.