MoviePass thousands of Customer credit card numbers were exposed online and put customer’s information on risk. The credit card numbers were unencrypted. Cards which were issues by moviepass to their customers is the same as credit cards and these are issues by mastercards.
MoviePass is an American subscription-based movie ticketing service and the majority-owned by Matheson and Helios Analytics. MoviePass was named as one of the “25 Most Disruptive Apps of 2012” and part of “The Best of Everything in 2012” by Business insider.
A security researcher Mossab Hussein at Dubai-based cybersecurity firm SpiderSilk found an exposed database on one of the company’s many subdomains. They reviewed sample 1000 records and after removing duplicates. They found half of them infected contained were moviepass credit card.
In total, Hussein said the record was more than 58,000 in the database contained card data-and growing by minutes.
Mossab was first gone to the MoviePass’ chief executive Mitch Lowe to inform after discovering the exposed database but he just ignores him and then TechCrunch found personal credit card numbers, expiration dates and billing information including names and e-mail addresses as well as addresses and logs of failed password attempts. “We found records with enough information to make fraudulent card purchases,” the publication said.
According to the cyberthreat intelligence firm RiskIQ, the database may have been exposed for months as the company first detected the unsecured server in June. The company yet to acknowledge the breach and this lapse in security will dangerously impact on company too fast growth over the year, In fact, the company had also faced inspection recently after it changed the password of their user to prevent them from extensively watching films.