Amid growing fears of security
threats to online services, one that is often overlooked is flat-out burglary, which is the old-fashioned way of getting hacked. Movie streaming
revealed that its offices were burglarized on March 24th, and thieves made off with hard drives, among other things.
According to an FAQ that Vudu posted on its site, the hard drives indeed contained customer data, “including names, email addresses, postal addresses, phone numbers, account activity, dates of birth and the last four digits of some credit card numbers.” The drives also contained passwords; although they’re encrypted, Vudu has gone ahead and reset all users passwords. That’s the bad news.
The good (well, not as bad) news is that Vudu doesn’t store full credit card numbers, and it doesn’t have a record of passwords if users logged on from another site instead of directly through Vudu.
Why didn’t anyone hear about this sooner? That’s unclear, although from Vudu’s statement on that issue, we infer that law enforcement advised them to keep it quiet until the investigation was complete and a full assessment of the damage was done.
That won’t be much comfort to those who have had their private data swiped by criminals who are doing god-knows-what with it, though. Typically when a company experiences a security breach, it takes immediate action to identify and remove the threat and alerts users right away; Vudu let this breach fester for well over two weeks, which is egregious.
The company did throw users a bone by offering a year of free AllClear ID identity protection service, but it might be too little, too late.