Click here to sign up for our newsletter & receive a £5 voucher![close]
×

Registration

Profile Informations

Login Details

or login

First name is required!
Last name is required!
First name is not valid!
Last name is not valid!
This is not an email address!
Email address is required!
This email is already registered!
Password is required!
Enter a valid password!
Please enter 6 or more characters!
Please enter 16 or less characters!
Passwords are not same!
Terms and Conditions are required!
Email or Password is wrong!

Massive MoviePass Database Flaw Exposes Credit Card Info On Thousands Of Customers

MoviePass members have reason to be concerned with the service. A security researcher from SpiderSilk named Mossab Hussein has announced that he found a major flaw in MoviePass servers. The flaw exposed a database that contained 161 million records and it is still growing in real-time. The researcher says the many of the messages in the database were routine computer-generated logging messages.

moviepass cc

However, many of the entries included sensitive user information like MoviePass customer card numbers. MoviePass customer cards are like debit cards and are issued by MasterCardTechCrunch reports that it reviewed 1,000 entries from that log and a bit over half of them contained MoviePass customer card numbers.

Information contained in the messages included the MoviePass debit card number, expiration date, card balance, and when the card was activated. The database contained more than 58,000 records containing card data. To make matters worse, among the data in the database was customer personal credit card numbers and the expiration date, along with data on billing information, names, and postal addresses. 

Some of the entries in the database did contain credit card numbers that had been masked except for the last four digits. The logs in the file also included email addresses and failed passwords from users attempting to log into their accounts. None of the data in the database was encrypted. MoviePass CEO Mitch Lowe was contacted via email by the security researcher to tell him about the breach, but Lowe never responded. The database remained up and visible until yesterday.

This isn't the first time that MoviePass users were concerned with privacy; MoviePass promised that it wouldn't monetize users' location data.

Go to Source