Walmart announced today that thieves broke into the offices of its video service Vudu in March. Among the stolen goods were a number of hard drives that contain the personal information from customers.

The company released a statement revealing the theft, saying that the hard drives “contained customer data including names, email addresses, mailing addresses, account activity dates of birth, and encrypted passwords.” The break-in originally happened on March 24. The company assures customers that no “full” credit card numbers were stored on those hard drives. Only the last four digits are stored in Vudu’s systems, according to its FAQ section.

As a result, Walmart has reset the passwords for all of its Vudu users. Anyone who uses Vudu can change their passwords on the Vudu website. The company, of course, recommends that you change your passwords on any other accounts that used the same password. Checking other accounts for access is one of the first things someone with your password will do. Vudu also warns that you may receive phishing attempts as a result of having your personal information stolen. Make sure to vet anyone who asks for your information in the next couple months.

Just in case, Vudu is also providing customers with AllClear ID, an identity protection service for anyone who might experience identity theft as a result of this break-in. Notified Vudu customers will have the AllClear services at their disposal for a year from today.

As a result, Vudu says it is strengthening both its physical office security as well as password security requirements.

hat tip The Next Web; Computer thief image via Shutterstock

Updated 4:36pm to include Apple’s comment.

A new vulnerability in Apple’s password reset system may allow hackers to change the passwords for you Apple accounts using only an email address, birthday, and a “modified URL,” according to the Verge.

“Apple takes customer privacy very seriously. We’re aware of this issue and working on a fix,” an Apple spokesperson told VentureBeat.

The spokesperson explained that while the company looks into the issue, it has taken down the “iForgot” feature that allows you to reset your password if you’ve forgotten it.

The details on the tactics used to change the passwords are murky. The Verge obtained step-by-step instructions, which reportedly includes using the correct combination of your email and birth date, along with a link that tricks the system, and avoids answering any security questions. While it does involve a small piece of personal information — your birthday — most people include this on their social profiles. It’s an easy find.

Thus far, we haven’t heard of anyone affected by this attack, and we have reached out to Apple for confirmation that the vulnerability exists and any future steps Apple is taking toward fixing it.

Yesterday, Apple announced that it added two-factor authentication to its iCloud and Apple ID logins. It seems that if you already enabled two-factor authentication, you’re safe from this attack.

Two-factor authentication is the process by which you receive a code — in Apple’s case, a code is sent by SMS or through the FindMyiPhone app — that you must provide along with your password. It’s sometimes seen as a barrier-to-entry, but two-factor really does put an extra obstacle between your data and anyone who is not you.

iPhone cracked image via Håkan Dahlström/Flickr

Following legitimate hacks into some Twitter accounts, the site ended up mistakenly sending password reset e-mails to a large number of unaffected users as well, according to Twitter’s status blog.

This morning TechCrunch’s Twitter account was hacked, along with high profile users like comedian David Mitchell. Twitter typically manually resets passwords for hacked accounts, but this time it looks like it went a bit overboard and reset passwords for unaffected users as well. Some of our writers at VentureBeat also received the reset e-mails, and they confirmed that they weren’t able to log back into the service without changing their password.

It’s never a bad idea to change your password often, so it’s hard to blame Twitter for overreacting. It’s certainly better than being slow to respond to the hacks in the first place.

We’ve asked Twitter for more details on the hacks and will update when we hear back. For now, don’t fret.

See the full message from Twitter below:

We’re committed to keeping Twitter a safe and open community. As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.

In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused.

As always, we recommend that people review these tips on how to keep their Twitter accounts secure: https://support.twitter.com/articles/76036-keeping-your-account-secure#