Forgot your password?
typodupeerror
Security Crime

Vudu Resets User Passwords After Burglary 42

Posted by Soulskill
from the what's-the-bandwidth-of-a-running-thief-carrying-all-your-hard-drives dept.
New submitter Chewbacon writes "If you can't hack it, smash and grab it. Video streaming service Vudu has emailed customers informing them of the theft of hard drives containing customer information. CNET reports the information on the stolen drives included: names, e-mail addresses, postal addresses, phone numbers, account activity, dates of birth, and the last four digits of some credit card numbers. Vudu's Chief Technology Officer Prasanna Ganesan said while no complete credit card numbers were stored on the hard drives and expressed confidence in password encryption, he felt the need to be proactive with the password reset and encouraged users to be proactive as well should the encrypted passwords become compromised. Vudu fails to mention, perhaps in a downplaying move, the last 4 digits of a credit card and much of the other information stolen is often enough to access an account through virtually any company's phone support."
This discussion has been archived. No new comments can be posted.

Vudu Resets User Passwords After Burglary

Comments Filter:
  • by Nyder (754090)

    when the thieves come in thru the window. (No, not Windows OS, but the actual window.)

    • Physical security is just as important as online security you can get just as much info out of a PC in a skip as you can online if it wasn't wiped correctly for instance.
    • by Anonymous Coward

      If they steal our drives they're none the wiser. Use the OS-provided disk encryption people, the boot drive doesn't necessarily need to be encrypted but databases and log files should be.

      To successfully "steal" our data this way the thieves need to arrive with a portable UPS, isolate the right machines, swap them over onto the UPS and then steal them still running, whereupon they can probably use some existing exploit to get past the login screens etc. on console. That's a big ask, considering they have to

    • Security through obscurity: My data is safe, even if the thieves break in. No way they can find anything in the mess that I call home. :)

  • keeping a night-watchman (armed guard) on duty during "off hours" would have more than likely prevented this
  • Does used commodity x86 server gear(with hot serial numbers, no less) actually have enough resale value somewhere that it would be reasonable to imagine that the thieves might actually have been after the hardware, or would they have had to have other motives(whether data access, or something else they thought was in the building) to make taking the risk worth it?

    I can see the case for smash-n-grabs on consumer gear, especially laptops and iDevices and such, where gullible and/or morally flexible people do

    • by jjjacer (1254004)

      with the price of new drives not falling, maybe the used market has gotten bigger. i know back around the year 2000 at the super computer sales i swear i saw a bin of drives that got ripped out of stolen computers (looks like they were well used and abused and the seller looked like a drug dealer).

      Or maybe people dont want to pay for new drives and are resorting to just stealing from places that have a large supply.

    • by cdrudge (68377)

      Where does it say what type of drive was stolen or what it was in? Backups of a production database on a developers' laptop hard drives for instance would still fit the story if laptops were taken. Or if they were on external drives but used for the same purpose.

      Even if they were "enterprise drives" in a server, NAS, SAN, etc there is some used market for them. Probably not the same market that wanted them new, but they'll still sell for the right price.

    • If a thief thought he was getting a storage container full of SSDs, that could be enough motivation. Even used they go for big bucks, especially the enterprise ones.

      My step-mom had her checking account put on hold once after a spurious transaction showed up on it. Come to find out a computer system from the electronic check processing company that Walmart uses was stolen by an employee and sold to some nefarious group.

    • by Orestesx (629343)
      Why bother going through all that work when a waitress can just write down the cc number when she swipes your card.
  • by Anonymous Coward

    Wish I knew which fucktard started that. The first 4-6 digits identify your card issuer, so if I knew you had a discover card (6011) and the last 4 digits, it would halve the search space for your card and LUHN will take care of a huge chunk of the rest. I once freaked out a coworker by reading her credit card number aloud as she typed it from across the room - she had the same university CC I had, the first 8 digits were the same. Look in your wallet and tell me how many cards you have from the same ban

  • by jbmartin6 (1232050) on Wednesday April 10, 2013 @09:20AM (#43411357)
    It strikes me as a little silly to think that the type of personal information on those drives is somehow going to stay a secret. You have to give it to dozens of organizations: banks, employers, stores, and so on. So using this information as a security identifier is a very flawed approach. We seem to accept this since the level of fraud is tolerable. Plus the alternatives such as smart cards are extremely expensive to implement across all of society.
  • by Lluc (703772) on Wednesday April 10, 2013 @09:47AM (#43411581)
    How much do you bet this data was copied onto someone's laptop, sitting on a desk, rather than a thief breaking into a datacenter and pulling an entire server?
  • Anybody hear ever use vudu?
    • Yup, I use and love VuDu. I currently have 38 movies in my collection on their service. Why, because they are the best online streaming service that supports Android tablets and they also offer the highest resolution streaming in their HDX format for my HTPC and laptop. You can also download local copies for viewing offline on Android tablets. I got much of my collection from redeeming UltraViolet codes from BluRays and also got some as free promotions. WalMart has also partnered with them to put any o

  • Yes, I. Use VUDU...solely because every BD I get has a redemption code for Vudu and UltraViolet. I'm not worried; they essentially got data on my that's accessable...last 4 of the CC number? That's been out there since. Everyone else merely just gets hacked. I don't use the same identity details on important things...you couldn't access my back with jus VUDU info...you need several pieces of info for that. At lease they're doing something; most places just say you're on your own and we're sorry...VUDU gave
  • Ganesan does not appear to have actually said "proactive" twice, or even once. "New submitter Chewbacon" is apparently a marketing droid.
    • by Anonymous Coward

      I see it twice in TFA. Not reading TFA and complaining about TFS? Way to slashdot.

APL is a write-only language. I can write programs in APL, but I can't read any of them. -- Roy Keir

Working...