A data leak has been discovered at a subscription-based movie ticketing service. This one could prove costly to consumers.
Credit card numbers were discovered in an unsecured server. The server contains 161 million records.
Find out which company leaked the data and what kind of information was exposed. Also, we have tips on protecting yourself if your data is exposed or stolen.
Personal information, unencrypted credit cards exposed
MoviePass somehow continues to limp along despite its scandals and treatment of customers. This latest incident may prove to be the inevitable tipping point.
A cybersecurity expert told TechCrunch that he had discovered a critical MoviePass server that was not protected by a password.
Among the 161 million records on the server, about 58,000 documents exposed customers’ personal information, as well as MoviePass debit card and personal credit card numbers subscribers used to pay their monthly fee.
The credit card data also included expiration dates, names and zip codes. TechCrunch reports that some records with credit card information masked the entire number except for the last four digits.
Making a bad situation even worse, none of the data was encrypted.
MoviePass first operated by having subscribers pay a $10 monthly user fee. MoviePass would then load the subscribers’ company debit card with enough money to buy three full-priced movie tickets each month. But the business model has gone through many changes. In its latest incarnation, subscribers pay close to $20 a month to watch one movie per day.
The server was still collecting data until it was taken down earlier this week after TechCrunch reached out to the MoviePass’ CEO. The cybersecurity expert who discovered the leak said he informed MovePass about the situation months ago.
Komando.com attempted to contact MoviePass through its marketing email address. The email bounced back.
The one bit of good news is that so far there has been no indication that any of the data has been stolen. But you never know.
The turbulent history of MoviePass
When launching MoviePass, its executive team thought the business model would be like a gym membership. You don’t go but you’re still paying for the service.
But working out is very different from going to the movies. The original $10 price for three full-cost tickets was too good to pass up. Millions of people signed up and went to the movies.
The problem for MoviePass was that subscription fees did not cover what it was paying out for tickets. The company then began increasing the monthly subscription fees and limiting the selection of movies users could see.
This summer, it was discovered that the company’s CEO changed user passwords in an attempt to stop the tsunami of subscribers who were going to watch “Avengers: Endgame.”
In July, MoviePass temporarily suspended operations while it “retooled.” MoviePass’ homepage now carries a statement saying the service has been restored to a “substantial” amount of its subscribers and hopes to have all of its subscribers online again soon.
The public, however, has had enough of MoviePass’ shenanigans. Its subscribers have dropped from a high of 3 million to 225,000. And the increase in the number and quality of streaming TV services certainly isn’t doing MoviePass any favors.
If you’re worried that your information may have been exposed in the data leak, here are something you should do:
Keep an eye on your bank accounts – You should be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately.
Check your online accounts – Have I Been Pwned is an easy to use website with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
Get a credit freeze – If you think that your identity has already been compromised, put a credit freeze on your accounts as soon as you can.