Thousands of credit card numbers from MoviePass customers have been exposed online

MoviePass, the movie theater subscription service that is still inexplicably trying to stay in business, has left thousands of credit card numbers and other confidential data confidential to search for anyone on an online database. , according to a report by TechCrunch. A cybersecurity expert, Mossab Hussain, of a Dubai-based company named SpiderSilk, discovered the unprotected server and shared data samples with TechCrunch to confirm that MoviePass left the data unencrypted and accessible to everyone.

according to TechCrunch, data includes both MoviePass debit card numbers and personal credit card information of customers, including credit card numbers, expiry dates, billing addresses and names. TechCrunch indicates that the data was in some cases sufficient to make fraudulent purchases with a credit card. The report also shows how Hussain found the failed email addresses and connection data on the unprotected server. TechCrunch tested this by making an unsuccessful login attempt using a dummy account. The database showed the information, unencrypted, "almost immediately."

It is not clear that this information was collected or disseminated by a malicious third party. However, Hussain's conclusions about MoviePass's state of security are deeply troubling. In the face of the many controversies that MoviePass has faced in the past, it's easy to see how cybersecurity could disappear. But the degree of blatant disregard here means that thousands of MoviePass customers have been exposed to the risk of fraud and identity theft.

according to TechCrunchHussain contacted the company about the insecure server and did not get an answer. Only when TechCrunch contacted the company earlier today was the database apparently removed.

"We continue to see businesses of all sizes using dangerous methods to manage and process data from private users," said Hussain. TechCrunch in an interview. "In the case of MoviePass, we wonder why internal technical teams would ever be allowed to see these critical data in clear text – not to mention the fact that the dataset has been exposed to the public by everyone" said Hussain. database using SpiderSilk's tools, designed to look for these types of problems and help SpiderSilk to disclose them to companies, sometimes in exchange for rewards for rewards against bugs.

In case you do not follow the recent debacle of MoviePass, the number of subscribers of the company has dropped by about 90% compared to the 3 million that it counted in the middle of 2018. the pace and the volume requested by customers. This led MoviePass and its parent company, Helios and Matheson, a data analytics company, to come up with every conceivable opportunity to stay in business, including removing and re-introducing multiple versions of subscriptions, obscuring some movies and cinemas and at number of dubious tactics around the cancellation of the plan and automatic renewal.

More recently, MoviePass has literally shut down its application and went black in early July. Chief Executive Officer Mitch Lowe said at the time that the company had to completely reorganize its service and had committed not to charge monthly subscribers during the period and to credit customers for the time lost. More than a month later, the company's website currently states: "The MoviePass service has been restored for a significant number of our current subscribers and we hope to take steps to restore service to all of our current subscribers. During the downtime, MoviePass did not accept new subscribers.

MoviePass does not have a press line that can be accessed. An email sent to his marketing address was returned and a comment request sent to a former public relations spokesperson who had represented MoviePass in the past was not immediately returned. The edge is currently looking for the best way to contact the company for feedback, and we will update this article when we have an answer or if we become aware of it.