Important Information Regarding Your VUDU Account. (fwd)

[security curmudgeon <jericho () attrition org>]

Here is the notice letter from VUDU.

---------- Forwarded message ----------
From: "VUDU, Inc." <email () email vudu com>
To:
Date: Thu, 18 Apr 2013 16:08:00 -0600
Subject: Important Information Regarding Your VUDU Account.

To view this email as a web page, follow this link:
[..]

=========================================

VUDU, Inc.
[..]

=========================================

Dear Brian,

We want to let you know that there was a break-in at the VUDU offices on 
March 24, 2013, and a number of items were stolen, including hard drives.

Our investigation thus far indicates that these hard drives contained 
customer information, including names, email addresses, postal addresses, 
phone numbers, account activity, dates of birth and the last four digits 
of some credit card numbers. It's important to note that the drives did 
NOT contain full credit card numbers, as we do not store that information. 
Additionally, please note if you have never set a password on the VUDU 
site and have only logged in through another site, your password was not 
on the hard drives.

While the stolen hard drives included VUDU account passwords, those 
passwords were encrypted. We believe it would be difficult to break the 
password encryption, but we can't rule out that possibility given the 
circumstances of this theft. So we think it's best to be proactive and ask 
that you be proactive as well.

SECURITY PRECAUTIONS:

If you had a password set on the VUDU site, we have taken the precaution 
of expiring and resetting that password. To create a new password, go to 
[..]
Click the "Sign In" button at the top of the page. Enter your current 
username and current password when prompted, then follow the instructions 
to reset your password securely. Also, if you use your expired VUDU 
password on any other sites, we strongly recommend that you change it on 
those sites as well.

As always, remember that VUDU will never ask you for personal or account 
information in an e-mail. Please use caution if you receive any emails or 
phone calls from anyone asking for personal information or directing you 
to a web site where you are asked to provide personal information.

As an added precaution, we are arranging to have AllClear ID protect your 
identity for one year at no cost to you. We have FAQs on our web site 
[..]
to answer questions on the incident and to more fully describe how to use 
the AllClear ID service. We have reported this incident to law enforcement 
and are cooperating fully with their investigation. We want you to know 
that we take this matter very seriously, and we apologize for any 
inconvenience this may have caused you.

Thank you,

Prasanna Ganesan
Chief Technology Officer, VUDU

=========================================

Security & Privacy:
VUDU protects your security and privacy. We will never ask for personal 
information (such as passwords or payment card information) in an email 
postcard. If you receive such a request, please do not respond to the 
email.

See our Privacy Policy:
[..]

VUDU, Inc., 2980 Bowers Ave. Santa Clara, CA, 95051, UNITED STATES
(c) 2013 VUDU, Inc. All rights reserved.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.