MoviePass Left 58,000 Customer Records on an Unprotected Public Server

Movie Pass

Came tumbling, tumbling.

MoviePass has been, possibly, my favorite slow-motion trainwreck to spectate in my time writing here. And this time, they’re back in the news. Why? Shitty data security, of course!

Per TechCrunch, they apparently left the records of 58,000 subscribers on a completely unprotected public server. Just like that now famous cake in the rain.

I recall the time they found those fossilized mosquitoes
And before long, they were cloning DNA

Security researcher Mossab Hussein of SpiderSilk found a database on a MoviePass subdomain that held some 160,000,000 records on a completely unsecured server. Among those, 58,000 were records with customer information, including that of their MoviePass cards. But it wasn’t just that; it also held their personal info: credit card information, names, addresses.

It also contained email, as well as all passwords that user had used; including those with typos. From the TechCrunch article:

The database also contained email address and some password data related to failed login attempts. We found hundreds of records containing users’ email addresses and presumably incorrectly typed passwords — which was logged — in the database. We verified this by attempting to log into the app with an email address and password that didn’t exist but only we knew. Our dummy email address and password appeared in the database almost immediately.

According to cyberthreat intelligence firm RiskIQ, the database was first discovered by them as publicly accessible and unprotected sometime in June.

READ:  MoviePass Makes a Negative Shift

Honestly, I’m surprised they’re still somehow standing. I kinda figured they’d die last year. They keep somehow shoveling more money into it even though the writing’s on the wall. Either way, I can’t imagine it’ll be long now. I’ll have something special prepared for the funeral.

Source: Gizmodo

About Author

B. Simmons

Based out of Glendale California, Bryan is a GAMbIT's resident gaming contributor. Specializing in PC and portable gaming, you can find Bryan on his 3DS playing Monster Hunter or at one of the various conventions throughout the state.

Learn More →