The theatre subscription facility provider MoviePass is currently having a really hard time to stay in business, because of thousands of its customers’ credit card numbers and other sensitive pieces of data have been leaked out for anyone to find on an online database, as per the latest news reports. The cybersecurity theft was first noticed by Mossab Hussain, a cybersecurity expert from a Dubai-based firm named SpiderSilk. Mossab had discovered the unprotected server and had subsequently shared sample data logs with the news media TechCrunch to confirm that MoviePass was, in fact, leaving the data unencrypted and therefore open and accessible to anyone.
The clientele data includes both MoviePass debit card numbers and the actual personal credit card details of customers, including credit card numbers, expiration dates, billing addresses, and names, basically, everything you need to get access to someone’s bank account. TechCrunch stated that the data was enough in some cases to make fraudulent credit card purchases using the cards held by the bank account holders. The report also states how Hussain found email addresses and used a failed login data to log into the unprotected server, and the employees at TechCrunch had also tested and verified this by making a failed login attempt using a dummy account. The database almost immediately showed the information that it is unencrypted.
Whether any of this information was ever collected or disseminated by a malicious third party is not clear yet. However, Hussain’s findings of the state of MoviePass’ security are now raising a lot of questions about the company’s customer security violations. Given the mountain of controversies MoviePass has already faced in the past, it’s easy to see how cybersecurity had already earned a bad reputation. But the level of blatant disregard here indicates that thousands of MoviePass customers have been put at risk of fraud and identity theft, which is a criminal offence.