Forgot your password?
Security Crime

Vudu Resets User Passwords After Burglary 42

Posted by Soulskill
from the what's-the-bandwidth-of-a-running-thief-carrying-all-your-hard-drives dept.
New submitter Chewbacon writes "If you can't hack it, smash and grab it. Video streaming service Vudu has emailed customers informing them of the theft of hard drives containing customer information. CNET reports the information on the stolen drives included: names, e-mail addresses, postal addresses, phone numbers, account activity, dates of birth, and the last four digits of some credit card numbers. Vudu's Chief Technology Officer Prasanna Ganesan said while no complete credit card numbers were stored on the hard drives and expressed confidence in password encryption, he felt the need to be proactive with the password reset and encouraged users to be proactive as well should the encrypted passwords become compromised. Vudu fails to mention, perhaps in a downplaying move, the last 4 digits of a credit card and much of the other information stolen is often enough to access an account through virtually any company's phone support."
This discussion has been archived. No new comments can be posted.

Vudu Resets User Passwords After Burglary

Comments Filter:
  • Re:cheap bastards (Score:4, Insightful)

    by cbiltcliffe (186293) on Wednesday April 10, 2013 @06:03AM (#43410381) Homepage Journal

    Maybe they had a night watchman, and he's the guy that stole the drives.

  • by Anonymous Coward on Wednesday April 10, 2013 @08:13AM (#43410915)

    Wish I knew which fucktard started that. The first 4-6 digits identify your card issuer, so if I knew you had a discover card (6011) and the last 4 digits, it would halve the search space for your card and LUHN will take care of a huge chunk of the rest. I once freaked out a coworker by reading her credit card number aloud as she typed it from across the room - she had the same university CC I had, the first 8 digits were the same. Look in your wallet and tell me how many cards you have from the same bank? If you were given back the first 4 digits of the card # on your receipt, you'd know exactly which card you used. Nobody else needs to know.

  • by jbmartin6 (1232050) on Wednesday April 10, 2013 @09:20AM (#43411357)
    It strikes me as a little silly to think that the type of personal information on those drives is somehow going to stay a secret. You have to give it to dozens of organizations: banks, employers, stores, and so on. So using this information as a security identifier is a very flawed approach. We seem to accept this since the level of fraud is tolerable. Plus the alternatives such as smart cards are extremely expensive to implement across all of society.

1 + 1 = 3, for large values of 1.