Real World Burglars Rain on Vudu's Cloud-Based Service
More of our data may be in the cloud or encrypted in bits and bytes, but that digital information still has to be physically stored somewhere. For video streaming service Vudu, that meant the hard drives that burglars stole during a late March break-in. Customers were notified and passwords reset, but with all the focus on online security, the Vudu incident reminds security professionals that real-world thievery can sometimes have digital implications.
Apr 10, 2013 11:29 AM PT
Streaming video service Vudu is the latest Web-based business to be the victim of data theft, although unlike some recent highly publicized data breaches, this one began with a physical break-in.
Thieves broke into the Vudu offices on March 24 and stole hard drives that contained personal customer information including names, email addresses, phone numbers, addresses and dates of birth. Vudu said the website had not been compromised, and that all the data theft was a result of the burglary.
The company assured its customers that the thieves would not have access to their full credit card numbers, because the system stores only the final four digits. It said it was confident that the thieves would not be able to get past password encryption, but it still changed all user passwords as an added precaution.
Vudu is also suggesting that customers change the passwords on any other sites where they used the same password as they did on Vudu, as well as warning consumers to keep an eye out for possible phishing or scam emails.
Vudu, which is owned by Walmart, did not respond to our request to comment for this story.
Old School Theft in the Digital Age
With all the recent digital security breaches and high-profile hacks, it's easy to forget that crooks still sometimes steal the old-fashioned way, said Chiranjeev Bordoloi, CEO of Top Patch.
"What's interesting is that this is an intersection of old school crime and cybercrime," he told TechNewsWorld. "Someone might steal these hard drives and have no idea about the value of what's on them, but someone who really understands the value of data can do a multimillion dollar heist. It's an interesting juxtaposition of physical crime and digital crime."
Vudu responded as well as it could following the theft, said Michael Murray, managing partner of MAD Security, even though the company can't reverse the results of the break-in.
"The company is definitely doing the best they can," he told TechNewsWorld. "Changing the users' passwords and notifying them will help, but, unfortunately, the damage has already largely been done."
Vudu isn't the only company that has had to repair some of that damage, said Murray. Storing data in the cloud can help individual consumers ensure they'll still have important documents, even if their laptop or phone is stolen. Companies like Vudu, though, still need a brick-and-mortar space where servers and hard drives are stored, and they must focus on protecting that data both physically and digitally.
One of the best ways to digitally protect info, even if it's in the hands of thieves, is advanced encryption, Murray noted.
"We tend to spend a lot of time talking about the importance of encryption for mobile devices, but we often forget to encrypt data that's at rest on servers in what we believe to be secure facilities," he pointed out. "This kind of data breach shows the importance of encrypting sensitive data even when the system is within our control."
Still, there is only so much that can be done without the help of the individual user, said Bordoloi. Vudu could have added another layer of protection for its data, but as consumers plug more information into their devices -- and bring their own devices to their corporate offices -- they also must develop a greater understanding about how best to protect their personal information.
"Unfortunately, protecting tech data still relies so much on the consumers themselves," he said. "There definitely needs to be a greater awareness on that front. A sophisticated cybercriminal who knows exactly how to extract data can do a lot of damage."