San Francisco: American subscription-based movie ticketing service MoviePass, Inc. has exposed thousands of unencrypted customer card numbers and personal credit cards because a critical server was not protected with a password.
The database was massive, containing 161 million records at the time of writing and growing in real-time. Many of the records were normal computer-generated logging messages used to ensure the running of the service – but many also included sensitive user information, such as MoviePass customer card numbers, TechCrunch reported on Wednesday.
A cybersecurity expert named Mossab Hussain, from a Dubai-based firm named SpiderSilk, discovered the unprotected server and shared sample data sets with TechCrunch to confirm that MoviePass was in fact leaving the data unencrypted and accessible to anyone. There is no information about whether MoviePass’ customer information was ever collected or disseminated by a malicious third party.
However, Hussain’s findings of the state of MoviePass’ security are deeply troubling. Given the mountain of controversies MoviePass has faced in the past, it’s easy to see how cybersecurity could fall by the wayside, according to The Verge.
