MoviePass Unprotected Database Exposes Customers Card Information
Movie ticket subscription service MoviePass has exposed customer’s credit cards numbers because a critical server was not protected with a password. The exposed database was discovered on one of the company’s many subdomains. Dubai-based cybersecurity firm SpiderSilk revealed that it contained 161 million records. Many of the records were normal computer-generated logging messages used to ensure the running of the service, but many also included sensitive user information, such as MoviePass customer card numbers.
Most exposed numbers were MoviePass customer card numbers. But many records also had customers’ personal credit card numbers, expiry date, billing information, including names and postal addresses.
The database may have been exposed for months, TechCrunch reports.