MoviePass Apparently Left 58,000 Customer Records Exposed on a Public Server

by
Fnord666
from SoylentNews on (#4NZ0D)

MrPlow writes:

Submitted via IRC for SoyCow2718

According to TechCrunch, security researcher Mossab Hussein of Dubai-based SpiderSilk found that a database on a MoviePass subdomain containing some 161 million records was left exposed to the wider internet. Contained in said database were an estimated 58,000 records containing information on MoviePass customer cards, which are used to store cash balances, TechCrunch wrote:

These MoviePass customer cards are like normal debit cards: they're issued by Mastercard and store a cash balance, which users who sign up to the subscription service can use to pay to watch a catalog of movies. For a monthly subscription fee, MoviePass uses the debit card to load the full cost of the movie, which the customer then uses to pay for the movie at the cinema.

We reviewed a sample of 1,000 records and removed the duplicates. A little over half contained unique MoviePass debit card numbers. Each customer card record had the MoviePass debit card number and its expiry date, the card's balance and when it was activated... The database had more than 58,000 records containing card data-and was growing by the minute

Source: https://gizmodo.com/moviepass-apparently-left-58-000-customer-records-expos-1837427168

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments