We’ve said it many times … it’s important (no CRITICAL) that you not use the same password on all Websites. The reason for that just reared its ugly head yesterday in an email I received from the streaming movie service, VUDU.
Here’s part of that message:
We want to let you know that there was a break-in at the VUDU offices on March 24, 2013, and a number of items were stolen, including hard drives.
Our investigation thus far indicates that these hard drives contained customer information, including names, email addresses, postal addresses, phone numbers, account activity, dates of birth and the last four digits of some credit card numbers.
While the stolen hard drives included VUDU account passwords, those passwords were encrypted. We believe it would be difficult to break the password encryption, but we can’t rule out that possibility given the circumstances of this theft. So we think it’s best to be proactive and ask that you be proactive as well. … If you use your VUDU password on any other sites, we strongly recommend that you change it on those sites as well.
We usually think of sensitive information being garnered from externally hacked systems. Here’s a case where the bad guys brazenly broke into VUDU offices and ripped the hard drives right out of their computers, thereby gaining access to everything on that hard drives.
You can be sure they had just one thing in mind … to pilfer all of VUDU’s customer information they had on file, including usernames and passwords. The common thing to do next is to try to log on to other accounts using the same username and password, including email services, online banking systems, online merchants like Amazon, and everywhere else where they think they might be able to rip you off and profit from your confidential information.
Are you still using the same password for multiple Websites?
You have been warned!