Movie ticketing subscription service MoviePass reportedly left thousands of customer’s credit card numbers and other sensitive pieces of data exposed for anyone to find on an online database reports TechCrunch.
The outlet has done an in-depth report after being contacted by a cybersecurity expert who discovered the unprotected server and shared sample data sets that confirm MoviePass was leaving customer data unencrypted and accessible to anyone.
Said data reportedly includes both MoviePass debit card numbers and the actual personal credit card details of customers, including credit card numbers, expiration dates, billing addresses and names. TechCrunch indicates the data was enough in some cases to make fraudulent credit card purchases using other people’s cards.
It’s not clear if any of the information was ever collected or disseminated by a malicious third party, but even the risk of potential fraud and identity theft is concerning. The cybersecurity expert also reportedly reached out to the company about the unsecured server and did not get a reply back – it wasn’t until TechCrunch contacted them that the database was apparently taken down.
Update: In a statement, Movie Pass says the security lapse was recently discovered and its system was immediately secured: “MoviePass takes this incident seriously and is dedicated to protecting our subscribers’ information. We are working diligently to investigate the scope of this incident and its potential impact on our subscribers. Once we gain a full understanding of the incident, we will promptly notify any affected subscribers and the appropriate regulators or law enforcement.”
More details about the story can be found by clicking here.