MoviePass exposed thousands of unencrypted customer card numbers

Found on Techcrunch on Sunday, 08 September 2019
Browse Various

MoviePass customer cards are like normal debit cards: they’re issued by Mastercard and store a cash balance, which users who sign up to the subscription service can use to pay to watch a catalog of movies.

We also found records containing customers’ personal credit card numbers and their expiry date — which included billing information, including names and postal addresses. Among the records we reviewed, we found records with enough information to make fraudulent card purchases.

Security researcher Nitish Shah told TechCrunch he also found the exposed database months earlier. “I even notified them, but they [didn’t bother] to reply or fix it,” he said.

MoviePass has lost millions of customers already, and they probably will be out of business soon.