CINEMA SUBSCRIPTION SERVICE MoviePass has been caught storing thousands of its customers' credit card numbers and other sensitive data on an unsecured database, reports TechCrunch.
Cybersecurity expert Mossab Hussain from security firms SpiderSilk discovered the unsecured database and threw some data samples TechCrunch's way, showing the publication that the data - which was also stored in an unencrypted form - was accessible by anyone on with an internet connection.
With data like billing addresses and names exposed alongside credit card numbers, there's enough sensitive information for nefarious cyber crim types to harness and commit fraud with.
While there's no indication so far that the data has fallen into malicious hands, it's still bad news for MoviePass, which has already been struggling to keep is cinema subscription service ticking along.
And it's had a rocky year already, having shut down its service for several weeks to update its app and reportedly changing user passwords to stop them from ordering tickets as it didn't have the money to fulfil orders.
TechCrunch contacted MoviePass, which then took down the unsecured server so the problem has been plugged. But the whole situation once again highlights how many companies seem to be rather lax on securing their customer data, whether they are doing it knowingly or not.
Leaving data on an unsecured server is pretty dumb if you ask us, but leaving said data in plaintext, as MoviePass did, seems abjectly idiotic and begs the question why the company's IT folks didn't spot the problem.
MoviePass has yet to issue a statement or any response on the database exposure, which would indicate things aren't too dandy with the company. Not that we want to come across as all cynical, but we'd not be surprised if MoviePass' day in this world were numbered. µ
Stay alive and it'll find you
Chrome and punishment