MoviePass has been found to have left tens of thousands of credit card numbers and client information exposed on an unprotected server.
Since the database wasn't secured with a password, all the data within the server was left open to anyone online for an unknown period of time, leaving clients susceptible to credit card fraud.
MoviePass Server Found Unprotected
According to TechCrunch, the unprotected server was discovered by security researcher Mossab Hussein, who worked at the cybersecurity firm SpiderSilk. It's only one of MoviePass' many databases, but it contains a wealth of valuable and highly sensitive information, including MoviePass customer card numbers.
MoviePass is a film subscription service that allows members to watch a new movie daily for a monthly subscription fee. The customer card acts just like a debit card, used to pay for tickets at the cinema.
The exposed server contained over 58,000 records with customer card data. The records not only showed MoviePass customer card numbers; a number of them also had the clients' personal credit card numbers, expiration dates, names, and addresses, all of which are enough to leave these individuals vulnerable to fraud.
This database also contained email addresses and passwords from failed login attempts.
"We keep on seeing companies of all sizes using dangerous methods to maintain and process private user data," Hussein pointed out. "In the case of MoviePass, we are questioning the reason why would internal technical teams ever be allowed to see such critical data in plaintext — let alone the fact that the data set was exposed for public access by anyone."
MoviePass Controversies
Hussein revealed that he attempted to reach out to MoviePass CEO Mitch Lowe, but did not hear back from the executive. The database remained online until TechCrunch also reached out to the company.
It's unknown how long the server had been sitting exposed with all this sensitive data. According to RiskIQ, the database may have been exposed for months before its detection.
First launched in 2011, MoviePass has a history marked by intense ups and downs. Within a year, from December 2016 to December 2017, the company's subscribers grew from 20,000 to more than 1 million as MoviePass prices dropped to an unbelievable $10.
The next few months saw the company offer even lower subscription prices, eventually resulting in reported multi-million losses for MoviePass. Controversy arose as the company changed its subscription terms every few months and suspended the services of existing subscribers just last July, during blockbuster season.