Walmart-owned video service Vudu is undergoing a service-wide password reset after having data stolen during a break-in at its offices late last month.
The company emailed customers on Tuesday to inform them of the break-in and has posted the following statement on its website:
On March 24, 2013, there was a break in at the VUDU office and a number of items were stolen, including hard drives. These hard drives contained customer data including names, email addresses, mailing addresses, account activity, dates of birth, and encrypted passwords, but NO full credit card numbers. We are proactively retiring and resetting all passwords and notifying all customers. As another level of protection for customers we are also providing AllClear ID identity protection services. We reported the theft to law enforcement immediately, and are cooperating fully with their investigation.
Customers can also check out a related FAQ for additional information.
Considering that the break-in occurred over two weeks ago, it’s not clear why Vudu waited so long to contact customers. Users who created a password directly on the Vudu site may be in jeopardy, as encrypted versions of passwords were stored on the hard drives. Vudu believes that it “would be difficult to break the password encryption”, but it also cautions that it can’t rule out the possibility.
Potentially affected customers are advised to change their passwords on other sites where they used the same password and be mindful of suspicious emails with links to other websites. Beginning today, they will have access to AllClear identity protection services for the next year.
Moving forward, Vudu says it is taking additional steps to better protect its physical data. The company is also increasing the strength of its password requirements.
Image credit: iStockphoto