MoviePass, a movie ticket subscription service, has confirmed that a security lapse exposed the sensitive user information of tens of thousands of customers. Sensitive data, such as names, email addresses, and credit card numbers, was exposed due to a critical server lacking password protection. The database, which contained 161 million records—58,000 of which contained card data—has since been taken offline.
Movie ticket subscription service MoviePass has exposed tens of thousands of customer card numbers and personal credit cards because a critical server was not protected with a password. The database was massive, containing 161 million records at the time of writing and growing. Many records were normal computer-generated logging messages used to ensure the running of the service — but some also included sensitive user information, such as MoviePass customer card numbers. These MoviePass customer cards are like normal debit cards: they’re issued by Mastercard and store a cash balance, which users who sign up to the subscription service can use to pay to watch a catalog of movies. For a monthly subscription fee, MoviePass uses the debit card to load the full cost of the movie, which the customer then uses to pay for the movie at the cinema.