Submitted via IRC for SoyCow2718
According to TechCrunch, security researcher Mossab Hussein of Dubai-based SpiderSilk found that a database on a MoviePass subdomain containing some 161 million records was left exposed to the wider internet. Contained in said database were an estimated 58,000 records containing information on MoviePass customer cards, which are used to store cash balances, TechCrunch wrote:
These MoviePass customer cards are like normal debit cards: they're issued by Mastercard and store a cash balance, which users who sign up to the subscription service can use to pay to watch a catalog of movies. For a monthly subscription fee, MoviePass uses the debit card to load the full cost of the movie, which the customer then uses to pay for the movie at the cinema.
We reviewed a sample of 1,000 records and removed the duplicates. A little over half contained unique MoviePass debit card numbers. Each customer card record had the MoviePass debit card number and its expiry date, the card's balance and when it was activated... The database had more than 58,000 records containing card data—and was growing by the minute
Source: https://gizmodo.com/moviepass-apparently-left-58-000-customer-records-expos-1837427168
(Score: 0) by Anonymous Coward on Monday August 26 2019, @10:22PM (1 child)
What are they going to do with 161 million free movie passes?
(Score: 2) by JoeMerchant on Tuesday August 27 2019, @12:57PM
I was going to say: 24 hours without comment - nobody cares...
The real threat here is if people use their same banking password on MoviePass - with 58,000 records exposed, there are likely hundreds in there who did.
🌻🌻 [google.com]