Things have been pretty rough for MoviePass lately, and today things got a little worse.
It's been discovered that MoviePass left thousands of customer credit card numbers exposed on a server that was not being protected with a password. In addition to these personal credit card numbers, the database included the cards' expiration dates, billing info, names, and addresses. TechCrunch says that there was enough info to make some fraudulent card purchases.
MoviePass customer card numbers were in the database as well. These work like debit cards and are loaded up with a cash balance to pay for the cost of a movie at the theater. Also found in the database were email addresses and some password data from failed login attempts.
The exposed database was found by security researcher Mossab Hussein, who told MoviePass CEO Mitch Lowe about it over the weekend. Hussein never heard back, though, and only today after news of the exposed info got out did MoviePass take the database down. According to data gathered by cyberthreat intelligence firm RiskIQ, the database could have been exposed for months.
MoviePass hasn't issued a statement on this matter.
Last year, MoviePass became a huge thing, letting customers see one movie every day for $9.95 per month and growing from 1.5 million to 2 million customers in less than a month. The company ran into issues afterward, including running out of money at one point. It also made changes to its service plan, and now customers pay $19.95 per month to see one movie per day, though your movie choices may be restricted.
MoviePass recently paused service for weeks, saying that it was taking the time to improve its mobile app. The company now says that it has restored service to a "substantial number" of customers, but it's not accepting new customers until all existing customers regain service. The company is said to have around 225,000 subscribers.