MoviePass data breach leaves credit card numbers open


sincity

Movie ticket subscription service MoviePass is the latest company to suffer a data breach after tens of thousands of customer card numbers and personal credit cards were left unsecured on a server that was not password protected.

The exposed database was discovered by SpiderSilk security researcher Mossab Hussein who found it on one of the company's many subdomains. The database itself is massive and contains over 161m records including some pertaining to the service's daily operations as well as sensitive user information such as MoviePass customer card numbers.

MoviePass issues cards to its customers that are similar to normal debit cards and are issued by MasterCard. These cards contain a cash balance and the company deposits funds onto them which customers then use to pay to see movies.

When reviewing the records stored in the exposed database, TechCrunch also found information regarding MoviePass customers' personal credit card numbers including their expiry date as well as billing information such as names and postal addresses. However, some of the records contained card numbers where only the last four digits were visible.

Exposed database

After discovering the exposed database, Hussein reached out to MoviePass' chief executive Mitch Lowe to inform him of the matter but did not hear back. The database was finally taken offline after TechCrunch reached out to the company.

Hussein was able to find MoviePass' exposed database by using SpiderSilk's own web mapping tools, which search for internet-connected databases that are not password protected and identify their owners. This information is then disclosed to companies privately, often in exchange for a bug bounty.

According to the cyberthreat intelligence firm RiskIQ, the database may have been exposed for months as the company first detected the unsecured server in June.

MoviePass has yet to publicly acknowledge the breach and this lapse in security will likely do little to help the company as it struggles to gain more customers after growing far too fast. The company has also faced scrutiny recently after it reportedly changed the passwords of users who use its service extensively to prevent them from seeing more films.

Via TechCrunch

http://feeds.feedburner.com/~r/techradar/digital-home/~4/yyQlwxqOnYk