MoviePass,funny hot sex video the cinema subscription service that's gone from "This is too good to be true" to "What is even going on I'm so tired" in a series of reinventions, has had another setback.
The company left thousands of customer card details, and tens of thousands of customers' credit card details, visible on a server that was not password protected, according to a security research firm.
The database, which a reporter from TechCrunch observed "growing in real time," contained more than 161 million records and counting, ranging from logging details generated in the course of a normal running day to unencrypted user details. Credit or debit card details were available, too, including card numbers, expiration dates, cardholder names, and billing addresses in plaintext.
MoviePass customer cards are basically MasterCard-issued debit cards; customers pay the monthly fee, and the service loads up the cards with the price of a movie ticket when a screening is booked, so subscribers can then buy them at the box office with the card.
(A MoviePass card could technically be used to make any debit purchase, users theorise, although it would get the account holder banned pretty swiftly.)
This Tweet is currently unavailable. It might be loading or has been removed.
The unprotected dataset was detected by systems developed by Dubai-based firm spiderSilk, and confirmed manually by the firm's security team before they notified MoviePass, which did not respond.
Security researcher Mossab Hussein told Mashable while his team can't tell for sure whether the database had been accessed by other parties, they estimate the number of credit cards that could be exposed in the dataset runs into the tens of thousands, in addition to around 50,000 MoviePass cards.
SEE ALSO: A new limited MoviePass offer comes close to the tantalizing original plan"Simple best practices should have prevented any of this from happening in the first place," Hussein said. "But we see a lot of companies not worrying as much as they should, when it comes to 'internal tools' and 'internal logging.' And they justify this by saying something along the lines [of] 'Oh, it's only for internal use and analysis.'"
Mashable has contacted MoviePass's parent company Helios + Matheson for comment on the exposure, including the reasons why the database was only taken offline after TechCrunch notified them of the issue and not when Hussein reached out over the weekend.
"We've seen companies that took 30 days to acknowledge a finding, and we've also seen companies that acknowledged and patched a finding within 60 minutes," Hussein said. "But our position has always been very strict about this topic. Companies panic and respond in seconds if their apps are down ... they should treat the safety of their customer data just the same."
Topics Cybersecurity
TCG World and JPiC Will Co
TikTok's 'Untitled Bridgerton Musical' just won a Grammy
2022 Grammys: Here's how to watch live
Grammys 2022 winners: All the music videos to watch
NRG send Liquid packing in Kiev
Jane Campion becomes third woman to win Oscar for Best Director
How to change your iPhone Emergency SOS settings
New Dictionary.com update covers accessibility, climate change, and digital culture
IvoryPay to Launch Crypto Payment Gateway for Online Businesses
Oscars 2022: How to watch the Academy Awards, see the winners
L.A. Asian Pacific Film Festival Celebrates 31 Years
Elon Musk joins Twitter Board of directors
How to get screenshots from PS5 or Xbox to your phone
Why people with disabilities need meditation to be more accessible
Cardano NFT Disruptor
How to watch NASA astronaut Mark Vande Hei return from the space station
PlayStation Plus Premium price: How to lock in $60 rate with PS Now
FedEx's newest cargo plane is an autonomous drone
East West Players Presents ‘The Who’s Tommy’
'Wordle' today: Here's the March 31 answer
Czech Republic vs. Turkey 2024 livestream: Watch Euro 2024 for freePresidential debate livestream: How to watch BidenJamaica vs. Venezuela 2024 livestream: Watch Copa America for freeCopa America 2024 livestream: How to watch Copa America for freeNYT's The Mini crossword answers for June 29Wordle today: The answer and hints for June 29Canada vs. Chile 2024 livestream: Watch Copa America for freeAmazon deals of the day: Kindle Scribe Essentials Bundle, 50Panama vs. United States 2024 livestream: Watch Copa America for freeM.I.A sells literal 'tin foil hat' to supposedly block 5G waves A concerned look at whatever the hell is going on with Ryan Phillippe's Twitter Amazing Mom throws her daughter the ultimate poop Emoji face masks will moisturize your skin and terrify your friends Unsettling video captures United passenger being forcibly removed from overbooked flight Train ticket officer's savage shut down of a racist passenger is pure gold Chrissy Teigen and other celebs are roasting United right now Airbnb host banned after sending racist messages to Asian woman Hero dog opens 3 doors and escapes an animal hospital Here's why Indians are trolling The New York Times Uber's chief of communications is the latest to leave the company
0.2226s , 14328.640625 kb
Copyright © 2025 Powered by 【funny hot sex video】MoviePass left customers' credit card numbers exposed on unprotected server,Feature Flash
