MoviePass Clients: Check Credit Card Statements for Fraud
If you are a MoviePass customer, you may want to take a closer look at your credit card statements or consider a complete card replacement.
The movie subscription service announced Wednesday that one of its critical servers is not password protected. This critical server contained tens of thousands of MoviePass numbers as well as customers’ personal credit card numbers, Techcrunch reported .
The secure database was discovered by a security researcher at Dubai-based cybersecurity firm SpiderSilk and actually contained 161 million records. Most of the entries were generated by log messages, but some of them also included sensitive user information.
The customer information stored on the server included personal credit card numbers and expiration dates, billing information, and the names and mailing addresses of their owners. Some other entries show only the last four digits of card numbers.
None of the recordings were encrypted.
MoviePass did not respond to security researcher emails about the issue, and after Techcrunch posted their story, several other researchers said they had discovered the same issue months before. In other words, it has probably been around for a while. MoviePass shut down the database after being contacted by Techcrunch.
If you are a MoviePass customer, this means that your credit card information may not be available. At a basic level, it’s a good idea to look over your credit card statements from the past few months (unless you already do this regularly) and make sure you don’t see anything out of the ordinary.
It may also be a good idea to get a replacement card for the one you are using for MoviePass. Just because someone else hasn’t used your card number doesn’t mean they won’t.