[ad_1]
MoviePassThe meteoric rise and the rapid fall are already the subject of edifying stories in Hollywood, but in one way or another, the movie ticketing service continues to decline. It seems that the only time MoviePass made the headlines, is when his latest scandal surfaced, and that latter is a doozy. According to a new report, MoviePass has exposed tens of thousands of customer card numbers and personal credit cards through an unprotected critical server. We all know the biggest problem: MoviePass still has thousands of customers?
TechCrunch reported that an exposed database had inadvertently exposed thousands of MoviePass card numbers. The exposed database, which is one of many subdomains of the company, contains 161 million records in full growth. Much of the database is "computer-generated log messages used to keep the service running," but 58,000 records of these records include sensitive user information such as MoviePass client cards. TechCrunch reported:
These MoviePass client cards look like normal debit cards: they are issued by Mastercard and store a cash balance that subscribers to the subscription service can use to pay for watching a movie catalog. For a monthly subscription, MoviePass uses the debit card to charge the entire cost of the movie, which the customer then uses to pay for the movie at the cinema.
We examined a sample of 1,000 records and eliminated duplicates. Just over half contained unique MoviePass debit card numbers. Each client record included the MoviePass debit card number and its expiry date, card balance and activation date.
TechCrunch also said it found records containing customers' personal credit card numbers, along with their expiry dates, billing information, names and postal addresses – enough information to allow for purchases fraudulent. The database also included email addresses and password data related to unsuccessful login attempts. None of the records in the database have been encrypted.
MoviePass has since put the database offline after TechCrunch contacted the company. However, the database may have been exposed for months, according to the cyber intelligence company, RiskIQ, which detected the system for the first time in late June. The exposed database was discovered by Mossab Hussein, security researcher at SpiderSilk, a Dubai-based cybersecurity firm, who contacted MoviePass general manager Mitch Lowe without receiving a response.
This is just the latest scandal surrounding MoviePass, which recently made headlines for allegedly blocking users of the service by changing their passwords. MoviePass is no stranger to breaches of privacy after being criticized for selling user data to advertisers. The service has recently lost up to 90% of its user base, but with these scandals, I can not imagine that they will keep the rest even longer.
Cool messages from anywhere on the web:
[ad_2]
Source link