MoviePass data vulnerability exposed customer card numbers: Report

A vulnerability in movie subscription service MoviePass’ website exposed sensitive customer data, including tens of thousands of customer cards and credit card numbers, according to a report on Tuesday.

The weak spot was first discovered by Dubai-based cybersecurity firm Spider Silk, which found a database linked to MoviePass that lacked password protection or data encryption, TechCrunch reported. As a result, an array of customer data, including partial and complete personal credit card numbers, their expiration dates, MoviePass card numbers, customer names and addresses, was exposed to the internet.

The exposed database has since been taken offline, the report said. Specific details about the apparent breach, such as how long sensitive information was exposed and how many MoviePass customers were affected, were not immediately known.

MoviePass representatives did not immediately respond to FOX Business’ request for comment.

MoviePass customer cards function as debit cards, which users who subscribe to the movie ticket service can use to gain entry to shows. For a monthly fee, customers can watch one movie per day out of a selection of films. MoviePass offers two options. One is $9.95 a month, but you have to pay $119.40 upfront for the 12-month subscription. Alternatively, subscribers can pay $14.95 on a month-to-month basis, but that price will bump up to $19.95.

The company attracted roughly 2 million subscribers in the weeks after its launch but has burned through money at a rapid rate. As financial struggles worsened, a board member of parent company Helios and Matheson resigned last August, alleging that he had been unable to obtain details about MoviePass’s operations and business strategy.

The subscriber base was said to consist of just 225,000 subscribers as of last April, as frequent service interruptions and changes to the subscription plan rankled customers.


MoviePass briefly suspended service earlier this summer, in what it said was an attempt to improve its mobile app. A message on the company’s website thanks customers for their patience and says “service has been restored to a substantial number of our current subscribers.”