MoviePass database exposes 161 million records

by Cyber360 News
November 11, 2019
in Data Breach

An unsecured database on a MoviePass subdomain,
housing 161 million records, exposed credit card and
customer card information for at least 60,000 of the ticket service’s
customers.

The database, which included expiration dates,
names and addresses for some users, as well as emails and passwords, was
discovered by SpiderSilk security researcher Mossab Hussein, according to a report
from TechCrunch, which said the information may have been exposed for several
months.

“Because a database
was left publicly accessible, reportedly for months, at least 58,000 records
related to MoviePass customers are vulnerable to misuse and abuse at the hands
of cybercriminals,” said Stephan Chenette, Co-Founder and CTO at AttackIQ. “At its peak, MoviePass boasted more than 3
million customers in June 2018, so it’s entirely possible we’ll see the number
of impacted individuals grow exponentially.”

And while it’s a “bit
unclear how many of these records included sensitive consumer data,” said Jumio
President Robert Prigge, “what we should all expect is that a healthy chunk of
this data will ultimately find a happy home on the dark web.”

Because “technically,
this breach can be interpreted as the company giving away customer data for
free” and because the exposed data included personally identifiable information
and payment card details, it leaves “impacted customers vulnerable to future
fraud or phishing attacks,” said Arkose Labs CEO Kevin Gosschalk.

The once rapidly growing, but often
financially challenged, MoviePass popped up last year to great fanfare,
attracting millions of customers who pony up a monthly subscription fee and use
MasterCard-issued debit cards to pay for movie passes.

“Unlike credit cards, debit cards don’t offer
the same protection to customers. When a fraudulent transaction occurs on your
credit card, you have lost no money and the issue will never impact your bank
account. With a debit card, your bank account balance is directly affected from
the moment the fraudulent transaction takes place. While the customers can put
a hold on their cards, timing is the key in these types of situations. As
this database was left publicly accessible, reportedly for months,
companies must learn from MoviePass’s mistake and implement a proactive
approach to fraud prevention that safeguards their customers’ data.”

Adam Laub, CMO at STEALTHbits Technologies, sees “two separate, yet closely related components” to the MoviePass breach. “On one side you have a database rich with sensitive, personally-identifiable information that is readable in plaintext,” he said. “On the other, you have a misconfiguration that allows anyone with internet access to view that information. Which is worse?”

Laub said if the data had “been masked, the
information would still be accessible, but perhaps not so immediately valuable”
but “if access rights were configured properly and appropriately, this
discovery might never have been made and there would be no story in the first
place.”

Both are problematic. “A layered approach to
security is the ideal scenario, but either could have conceivably been enough
to make this a non-issue,” he said. “While convenient to say in light of this
particular situation, organizations of any type or size can drastically
mitigate their risk of finding themselves in these types of situations by
focusing their time on locating and limiting access to the data attackers would
be most interested in, as well as verifying desired configurations are being
adhered to across all devices and information assets.”

MoviePass had trouble keeping pace with its rapid growth and has reportedly seen a drop in membership to fewer than 225,000 subscribers. The movie subscription service could see its reputation – and financial future – continue to dive after this latest incident, which came at a particularly crucial juncture following a series of unfortunate events. “MoviePass reportedly obstructed its customers from buying tickets by forcibly changing user passwords in April 2019,” said Ben Goodman, senior vice president of global business and corporate development at ForgeRock. “According to a recent survey from PwC, 87 percent of consumers take their business elsewhere if they do not trust a company is handling their data responsibly, so it will not be surprising if affected customers take their business to alternative services like Regal Entertainment’s Regal Unlimited instead.” 
