A MoviePass server that wasn't secured with a password and contained 58,000 unencrypted MoviePass customer card and credit card numbers was left out in the open for anyone to find online, according to TechCrunch.
Dubai-based security researcher Mossab Hussein of cybersecurity firm SpiderSilk discovered the unprotected database, which contained 161 million records of operations at MoviePass.
58,000 of those records contained MoviePass customer cards — the cards that customers use at movie theaters. Some of the records contained full credit card numbers and detailed billing information that TechCrunch believes could lead to fraudulent purchases if obtained by malicious parties. Other records did not contain full credit card numbers, with only the last four digits being visible.
There were also logs of unsuccessful login attempts containing email addresses and password data, according to the report.
It's unclear how long the database was freely available and visible online. One estimate suggests months.
Hussein reached out to MoviePass CEO Mitch Lowe regarding the unencrypted and password-less server over the weekend of August 17, but did not hear back, according to TechCrunch. MoviePass only took the database offline once TechCrunch reached out to the company on Tuesday, August 20.
A spokesperson for MoviePass was not immediately available to comment.
MoviePass experienced massive growth after significantly lowering the price in 2017 to $9.95 a month to see up to a movie a day at participating theaters. But its explosive growth proved to be an unsustainable money-losing business model, which led the company to engage in questionable business practices in an attempt to control costs, sources told Business Insider. The company's customer count declined from 3 million in June 2018 down to 225,000 as of April 2019.