American subscription-based movie ticketing service MoviePass has reportedly exposed thousands of unencrypted customer card numbers and personal credit cards because a critical server was not protected with a password.
The database is said to be massive, containing 161 million records at the time of writing and growing in real-time. Many of the records were normal computer-generated logging messages used to ensure the running of the service – but many also included sensitive user information, such as MoviePass customer card numbers, TechCrunch reported on Wednesday.
A cyber-security expert named Mossab Hussain, from a Dubai-based firm named SpiderSilk, discovered the unprotected server and shared sample data sets with TechCrunch to confirm that MoviePass was in fact leaving the data unencrypted and accessible to anyone.
There is no information whether MoviePass’ customer information was ever collected or disseminated by a malicious third party.
However, Hussain’s findings about the state of MoviePass’ security are deeply troubling. Given the mountain of controversies MoviePass has faced in the past, it’s easy to see how cyber-security could fall by the wayside, according to The Verge.