Latest in Entertainment

Image credit: Mike Segar / Reuters

MoviePass confirms breach that leaked credit card numbers

The data had been available for months until a TechCrunch report highlighted it.
324 Shares
Share
Tweet
Share
Save

Sponsored Links

Mike Segar / Reuters

On Tuesday TechCrunch reported that security researcher Mossab Hussein, with the firm SpiderSilk, found an exposed, unencrypted MoviePass database with millions of records. Some of those included numbers for its custom debit cards that are used when subscribers purchase tickets, while others listed customer's personal information including their credit card numbers, expiration dates and billing information. Another researcher had located the vulnerable information back in July and notified the company, but neither was able to get a response, while yet another found evidence the database had been public since May of this year.

MoviePass took the database offline yesterday after the report, and today finally publicly responded with a statement from a spokesperson.

MoviePass recently discovered a security vulnerability that may have exposed subscriber records. After discovering the vulnerability, we immediately secured our systems to prevent further exposure and to mitigate the potential impact of this incident. MoviePass takes this incident seriously and is dedicated to protecting our subscribers' information. We are working diligently to investigate the scope of this incident and its potential impact on our subscribers. Once we gain a full understanding of the incident, we will promptly notify any affected subscribers and the appropriate regulators or law enforcement.

The company put its services "on hold" in July while saying it was working on its app, but couldn't close this security hole -- despite apparent attempts at notifications before restoring access "to a substantial number of our current subscribers."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
324 Shares
Share
Tweet
Share
Save

Popular on Engadget

Google reportedly facing a DOJ probe over its $2.1 billion Fitbit purchase

Google reportedly facing a DOJ probe over its $2.1 billion Fitbit purchase

View
LG's 2020 Gram laptops add 10th-gen Ice Lake CPUs

LG's 2020 Gram laptops add 10th-gen Ice Lake CPUs

View
Yubico's authenticator app now supports NFC for iOS devices

Yubico's authenticator app now supports NFC for iOS devices

View
$35 off coupon makes Google's Titan security keys almost free

$35 off coupon makes Google's Titan security keys almost free

View
Logitech made a $200 webcam for Apple's $5,000 pro display

Logitech made a $200 webcam for Apple's $5,000 pro display

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr