Sorry, you need to enable JavaScript to visit this website.

CyberScout is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

Unprotected MoviePass Database Exposes Customer Data

Unprotected MoviePass Database Exposes Customer Data
August 23, 2019
Moviepass breach

MoviePass confirmed a data breach that exposed customer data on an unprotected database. The incident included credit card numbers

Researchers discovered the database online on a subdomain of MoviePass with no password protection. The subdomain contained 161 million records. At least 58,000 records on the database contained customer card and credit card information, as well as names, email addresses, and what appears to be password data from failed login attempts. 

Multiple security experts and researchers identified the exposed database and attempted to contact MoviePass, but were apparently ignored. The database itself was online and accessible since at least May 2019.

“MoviePass recently discovered a security vulnerability that may have exposed customer records. After discovering the vulnerability, we immediately secured our systems to prevent further exposure and to mitigate the potential impact of this incident,” said MoviePass chief executive Mitch Lowe.

“In the case of MoviePass, we are questioning the reason why would internal technical teams ever be allowed to see such critical data in plaintext — let alone the fact that the data set was exposed for public access by anyone,” said Mossab Hussein, one of the researchers who found the database. 

Read more about the story here.

Offer 24/7 CyberScout Protection

CyberScout's partnership options help you safeguard the identity and privacy of your policyholders, customers, members and employees. Discover how a customized program can help build brand loyalty, customer retention, and quickly generate long-term recurring revenue.

Get Started