Walmart’s streaming service Vudu has advised users to change passwords after a security breach. Unusually, the action was taken following the theft of several hard drives rather than a hack attack. The channel said the disks contained names and other personal details about its customers.
It added that passwords saved onto the drives were stored in a scrambled form and that it only saved the last four digits of credit card numbers.
“While the stolen hard drives included Vudu account passwords, those passwords were encrypted,” chief technology officer Prasanna Ganesan wrote in an email sent to users.
“We believe it would be difficult to break the password encryption, but we can’t rule out that possibility given the circumstances of this theft. So we think it’s best to be proactive and ask that you be proactive as well.”
The firm said that its subscribers should change any password that matched the one they used on Vudu. It also warned them that they might receive spam emails and offered to pay for a one-year subscription to an identity protection service.
Some users complained on the firm’s Facebook page about the fact that Vudu had waited more than a fortnight before notifying them.
“I feel this information should have been shared on the 24th or 25th at the latest,” wrote Andrew Bennett.
“While I appreciate the notice, the two weeks since the theft would have allowed ample time to utilise any useful info and discard the rest.”
However, Vudu suggested it had needed time to look into the incident.
“We notified law enforcement immediately when the break-in was discovered, and have worked closely with them on the investigation,” a FAQ posted to the firm’s site stated.
“We have also worked to reconstruct the information that was included on the drives to ensure we had an accurate assessment.”