The security expert Mossab Hussein from
The researcher discovered that the records in the database were not encrypted.
The database included both data logs and sensitive user data, such as customer card numbers. According to Techcrunch,
“We reviewed a sample of 1,000 records and removed the duplicates. A little over half contained unique
The archive contained more than 58,000
The unsecured database also contained customers’ personal credit card numbers and their expiry date, along with billing information (names and postal addresses). In some cases, available data could expose owners to frauds.
Logging data included email addresses and incorrectly typed passwords.
Hussain attempted to report his discovery to MoviePass, but he did receive any reply. The service was taken offline after TechCrunch reported the issue to the company.
TechCrunch reported that security firm
“We keep on seeing companies of all sizes using dangerous methods to maintain and process private user data,” Hussein told TechCrunch. “In the case of MoviePass, we are questioning the reason why would internal technical teams ever be allowed to see such critical data in
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.