scorecard
  1. Home
  2. tech
  3. MoviePass customers' credit card information was reportedly left exposed without a password in an online database

MoviePass customers' credit card information was reportedly left exposed without a password in an online database

Antonio Villas-Boas   

MoviePass customers' credit card information was reportedly left exposed without a password in an online database

MoviePass

Hollis Johnson/Business Insider

  • A MoviePass server that wasn't secured with a password containing 58,000 unencrypted MoviePass customer card and credit card numbers was left out in the open for anyone to find online, according to Tech Crunch.
  • The database contained full credit card numbers with detailed billing information that could potentially have been used for fraudulent purchases.
  • The security researcher who discovered the database reportedly tried to alert MoviePass CEO Mitch Lowe over the weekend, but the company didn't pull the servers offline until Tech Crunch reached out to the company on Tuesday.
  • Visit Business Insider's homepage for more stories.

A MoviePass server that wasn't secured with a password and contained 58,000 unencrypted MoviePass customer card and credit card numbers was left out in the open for anyone to find online, according to Tech Crunch.

Dubai-based security researcher Mossab Hussein of cybersecurity firm SpiderSilk discovered the unprotected database, which contained 161 million records of operations at MoviePass.

58,000 of those records contained MoviePass customer cards - the cards that customers use at movie theaters. Some of the records contained full credit card numbers and detailed billing information that Tech Crunch believes could lead to fraudulent purchases if obtained by malicious parties. Some of the credit card information in the records didn't contain the full credit card numbers, with only the last four digits being visible.

There were also logs of unsuccessful login attempts containing email addresses and password data, according to the report.

It's unclear how long the database was freely available and visible online. One estimate suggests months.

Hussein reached out to MoviePass CEO Mitch Lowe regarding the unencrypted and password-less server over the weekend of August 17, but did not hear back, according to Tech Crunch. MoviePass only took the database offline once Tech Crunch reached out to the company on Tuesday, August 20.

A spokesperson for MoviePass was not immediately available to comment.

MoviePass experienced massive growth after significantly lowering the price in 2017 to $9.95 a month to see up to a movie a day at participating theaters. But its explosive growth proved to be an unsustainable money-losing business model, which led the company to engage in questionable business practices in an attempt to control costs, sources told Business Insider. The company's customer count declined from 3 million in June 2018 down to 225,000 as of April 2019.

READ MORE ARTICLES ON



Popular Right Now



Advertisement