Almost a couple of years after MoviePass shut down, its operators have agreed to settle with the FTC over allegations that they blocked subscribers from using the service and didn't adequately secure users' data. The commission has revealed the details of the proposed settlement, under which MoviePass parent company Helios and Matheson Analytics, Inc, as well as its principals Mitchell Lowe and Theodore Farnsworth, have agreed on heavy FTC oversight for any future business endeavors.
The commission accused MoviePass and its parent company of employing several tactics to prevent subscribers from being able to use the service as advertised. MoviePass was supposed to give users access to one movie per day for a monthly fee, which dropped from $50 to $10, but operators allegedly invalidated subscriber passwords on purpose to give the company sufficient reason to freeze accounts on the basis of "suspicious activity or potential fraud."
The operators also allegedly launched the service's ticket verification program to discourage use of the service. Users apparently encountered all sorts of bugs when verifying their tickets, and failure to verify was penalized with account cancellation. Finally, FTC says the company blocked users who viewed more than three movies per month. MoviePass eventually limited users to three movies a month in August 2018, but the reports were presumably from users who were blocked before the change was implement.
In addition to employing certain tactics that blocked users, the FTC also accused the service of failing to secure personal information it collected from subscribers. According to the commission, it stored consumers' personal data (including financial information and email addresses) in plain text. It also didn't impose restrictions on who could access personal information.
MoviePass and its parent company Helios declared bankruptcy a year-and-a-half ago to completely dissolve the business. As such, users won't be getting any monetary compensation under this settlement. MoviePass and its operators, however, are now prohibited from "misrepresenting the services they provide" for any future business endeavor. Further, they must implement a comprehensive security program that must undergo biennial assessments by a third party, which the FTC can review and and approve. They're also obligated to notify the FTC of any future data breaches.