MoviePass confirmed this week that a data breach potentially compromised thousands of credit card numbers belonging to their customers.
TechCrunch reported earlier this week that MoviePass, the troubled subscription service that allows members to see one movie per day for a low monthly cost, had allegedly leaked private credit card information from thousands of members. The database, according to the report, contains 161 million private records. Some of the private records contained just MoviePass account information. Other records contained entire credit card numbers and their associated billing addresses.
After initially ignoring requests for comment, MoviePass CEO Mitch Lowe said in a brief comment that MoviePass is working to prevent further security breaches.
“MoviePass recently discovered a security vulnerability that may have exposed customer records. After discovering the vulnerability, we immediately secured our systems to prevent further exposure and to mitigate the potential impact of this incident,” Lowe said in the short comment. “MoviePass takes this incident seriously and is dedicated to protecting our customers’ information. We are working diligently to investigate the scope of this incident and its potential impact on our customers. Once we gain a full understanding of the incident, we will promptly notify any affected subscribers and the appropriate regulators or law enforcement.”
Cybersecurity expert, Mossab Hussein that found the data breach claims that the data was available for months. As early as May 2019, Hussein contacted MoviePass with evidence of the data breach. According to Hussein, failed to reply or address the issue.
Breitbart News reported earlier this month that MoviePass had allegedly changed the password of high-volume users that were seeing too many movies. “I’m pretty sure they did the new app today to keep people from seeing Avengers on opening night,” one user wrote on Reddit around the time of the alleged password changing.