In the last hour, several Consumerist readers have forwarded us e-mails they have received from the video-streaming folks at VUDU. The message alerts customers to a recent theft at the company offices and the potential that customers’ private information could be compromised. [More]
Some old Amazon account appear to have a flaw in their password protection scheme that makes them more vulnerable to a brute force cracking attempt. For affected accounts, if you haven’t changed your password in several years, and it’s over 8 characters long, it looks like all people have to do is enter the first 8 characters correctly and they’re in. Even if after the 8 characters they just type gobbledygook.
That Sears website exploit we posted about a couple of weeks ago was funny, mainly because it seemed more embarrassing for Sears than a true security risk. However, an independent security researcher had also discovered a more significant issue with the site—it allowed for an unlimited number of gift card verification attempts via an external script, so a criminal could use the site as a brute force method to identify valid gift cards for Sears and Kmart.