Threat Watch

MoviePass Has Faulty Database

Researcher Massab Hussein found that MoviePass, an online movie subscription service, has been found to have an unencrypted database that exposed thousands of customers’ card data. MoviePass customer cards are like normal debit cards. They are issued by Mastercard and store a cash balance so that customers can pay to watch a variety of movies at cinemas. The researcher found a database, owned by MoviePass, that was in one of the subdomains that open for public viewing and required no password to access it.  The database contained around 161 million records when it was found. Most of the information contained was computer-generated login messages used to ensure the running of the service. But some of the data included such information as the MoviePass customer card numbers, personal credit card numbers, card expiration date, names and physical addresses. Hussein found enough information to be able to make fraudulent card purchases. More than 58,000 records were found that contained the sensitive data and that number is growing. The researcher contacted MoviePass, who took down the exposed database after several days. It is currently unknown as to how long the database was exposed or if the information was copied by hackers.