MoviePass,emmanuelle a game of eroticism the cinema subscription service that's gone from "This is too good to be true" to "What is even going on I'm so tired" in a series of reinventions, has had another setback.
The company left thousands of customer card details, and tens of thousands of customers' credit card details, visible on a server that was not password protected, according to a security research firm.
The database, which a reporter from TechCrunch observed "growing in real time," contained more than 161 million records and counting, ranging from logging details generated in the course of a normal running day to unencrypted user details. Credit or debit card details were available, too, including card numbers, expiration dates, cardholder names, and billing addresses in plaintext.
MoviePass customer cards are basically MasterCard-issued debit cards; customers pay the monthly fee, and the service loads up the cards with the price of a movie ticket when a screening is booked, so subscribers can then buy them at the box office with the card.
(A MoviePass card could technically be used to make any debit purchase, users theorise, although it would get the account holder banned pretty swiftly.)
This Tweet is currently unavailable. It might be loading or has been removed.
The unprotected dataset was detected by systems developed by Dubai-based firm spiderSilk, and confirmed manually by the firm's security team before they notified MoviePass, which did not respond.
Security researcher Mossab Hussein told Mashable while his team can't tell for sure whether the database had been accessed by other parties, they estimate the number of credit cards that could be exposed in the dataset runs into the tens of thousands, in addition to around 50,000 MoviePass cards.
SEE ALSO: A new limited MoviePass offer comes close to the tantalizing original plan"Simple best practices should have prevented any of this from happening in the first place," Hussein said. "But we see a lot of companies not worrying as much as they should, when it comes to 'internal tools' and 'internal logging.' And they justify this by saying something along the lines [of] 'Oh, it's only for internal use and analysis.'"
Mashable has contacted MoviePass's parent company Helios + Matheson for comment on the exposure, including the reasons why the database was only taken offline after TechCrunch notified them of the issue and not when Hussein reached out over the weekend.
"We've seen companies that took 30 days to acknowledge a finding, and we've also seen companies that acknowledged and patched a finding within 60 minutes," Hussein said. "But our position has always been very strict about this topic. Companies panic and respond in seconds if their apps are down ... they should treat the safety of their customer data just the same."
Topics Cybersecurity
Previous:'We'll Be Rooting for You'
Reaching Out, Reuniting
Japanese Business Pioneer, Philanthropist Inamori Dies at 90
Yamato Drummers to Visit Northridge, Cerritos, Santa Barbara on 2022 North American Tour
Mochi and Community Spirit: Fugetsu
‘The King and I’ Closes This Weekend
Toyota Supports California’s GHG Reduction and Carbon Neutrality Goals
Japan Police Chief to Resign Over Abe Shooting Death
Terri Hokoda: The Face of Postwar Nisei Week
Kiyoshi Kurosawa’s ‘Before We Vanish’ Now Playing
Heart Mountain Wyoming Foundation Receives NEH Grant to Continue Educator Workshops
Kiyoshi Kurosawa’s ‘Before We Vanish’ Now Playing
Naomi and Elmo Talking Tennis and Sunscreen
Mamoru Hosoda’s ‘Belle’ Opens in U.S.
2022 Nisei Week Queen Candidates Make Their Debut; Coronation Set for Aug. 13
Lecture, Exhibit on Akita Dogs at Japan Foundation
Pelosi: China Cannot Isolate Taiwan by Preventing Visits
Their Time to Also Shine
Black Ops 6 Season 3 Reloaded update patch notes
UnitOne and Miyake Taiko at Armstrong Theatre
Helping Community Colleges
L.A. Day of Remembrance Set for Feb. 17Chinese American Museum, JANM, LA Plaza de Culturas y Artes Present ‘Our Shared Future Los Angeles’LETTER TO THE EDITOR: Response from a Sansei WomanBITFLEX’s Prosperity to New Users: 888 Red Packet BonanzaWirex announced a partnership with Gateway.fmA Rockin’ Night at the RavineSei Fujii Book Talk and Film Screening at OCBCOCBC Obon Festival on July 20New Year’s Dance Party Fundraiser for JACCCKagawa Poetry Monument Cleaned in Little Tokyo Who is SYNDI8, HYBE's new AI Costa Rica vs. Paraguay 2024 livestream: Watch Copa America for free Austria vs. Turkey 2024 livestream: Watch Euro 2024 for free Carballes Baena vs. Zverev 2024 livestream: Watch Wimbledon for free Fearnley vs. Djokovic 2024 livestream: Watch Wimbledon for free 2 macOS Sequoia features that you won’t get if you have an Intel MacBook Connecticut Sun vs. Minnesota Lynx 2024 livestream: Watch WNBA for free Tour de France 2024 livestream: How to watch Tour de France for free Wordle today: The answer and hints for July 7 Venezuela vs. Canada 2024 livestream: Watch Copa America quarter final for free
0.1777s , 9940.171875 kb
Copyright © 2025 Powered by 【emmanuelle a game of eroticism】MoviePass left customers' credit card numbers exposed on unprotected server,Global Hot Topic Analysis
