The offices of video download service Vudu were broken into recently, and hard drives with user information were among the items stolen, the company said today in a statement emailed to customers.
Vudu is headquartered in Santa Clara, Calif.; according to the company, the break-in took place March 24.
"Our investigation thus far indicates that these hard drives contained customer information, including names, email addresses, postal addresses, phone numbers, account activity, dates of birth and the last four digits of some credit card numbers," said Vudu chief technology officer Prasanna Ganesan in the email.
Vudu does not store full credit card numbers, and the company repeatedly said in a customer FAQ that there's no chance of credit card information being accessed by outside parties. However, the hard drives did include encrypted passwords for Vudu accounts, so if customers set a password on the Vudu website, their account may be at risk. Because of that, Vudu said it reset the password for any account that had a password created on the Vudu website.
Vudu is also giving affected customers — anyone whose password has been reset — a free one-year subscription to AllClear ID, an identity theft prevention service that alerts users to suspicious activity. It is the same service that Sony offered to people whose information was compromised in the April 2011 PlayStation Network hack.
As for preventing future incidents such as this, both physical break-ins and internet security breaches, Vudu said, "We have many measures in place to protect customers' data and we are implementing additional measures to protect against physical theft. We are also increasing the password strength requirements for Vudu passwords in order to ensure a greater degree of protection."
Vudu apps are available on Xbox 360 and PlayStation 3, as well as on smart TVs and set-top boxes. We've reached out to the company to ask if the information of users who only accessed the service through console apps is at risk due to this break-in, and will update this article with any response we receive.
Update: A Vudu representative told Polygon, "If you have never set a password on the Vudu site and have only logged in through another site, your password was not on the hard drives." So it seems that users of console Vudu apps who didn't log in on the Vudu website are safe when it comes to their account being compromised.
Update 2: Asked to provide an estimate of the number of users affected, a Vudu representative said, "We are not discussing details around numbers," and added, "We reported the theft to law enforcement immediately, and are cooperating fully with their investigation."