This is why you should use different passwords for different sites….and never, ever login with your Facebook, Twitter or other account.

I was greeted with an email from VuDu today explaining that their offices has been broken into and some hard drives with personal info was stolen. Suspecting a scam, I went to the VuDu website and sure enough, this is what I found.

We understand you may have questions after receiving the email about the break-in at the VUDU offices, so we have created the following document covering frequently asked questions.

I heard there was a break-in at the VUDU office. What happened?

There was a break-in at the VUDU offices on March 24, 2013, and a number of items were stolen, including hard drives. Our investigation thus far indicates that these hard drives contained customer information, including names, email addresses, postal addresses, phone numbers, account activity, dates of birth and the last four digits of some credit card numbers. It’s important to note that the drives did NOT contain full credit card numbers, as we do not store that information. If you have never set a password on the VUDU site and have only logged in through another site, your password was not on the hard drives. While the stolen hard drives included VUDU account passwords, those passwords were encrypted. We believe it would be difficult to break the password encryption, but we can’t rule out that possibility given the circumstances of this theft. Therefore, we have reset all customer passwords.

Was the VUDU web site hacked?

No, the VUDU web site was not hacked and its functionality was not compromised. The VUDU offices were physically broken into and a number of items were taken, including hard drives with customer information.

What steps should I take to protect my password?

You should change your password on VUDU and any other sites on which you use the same password. As always, you should monitor for unauthorized activities on your account.
To start your password reset process, please click the “Sign in” button at the top-right corner of the site, and follow the instructions.

 

The more I read stories like this, along with reports about Customer Service reps folding to persuasion and resetting passwords for just about anyone, the less concerned I am about creating 26 character passwords with upper/lower/numbers and symbols. In the “passwords being compromised” arena, it seems like humans are prevailing over technology. Hell, a pickpocket doesn’t even need to change his pajamas anymore. All he/she needs to do is make a few phone calls to score some cash or merchandise. Based on the above event, Cloud storage may not be such a bad idea after all.

Like termites, it’s not a matter of if you will ever be attacked,it’s simply a matter of when. Be vigilant. 

NO COMMENTS