Subscription-based ticketing service MoviePass encounters yet another glitch, as a data leak exposes user’s credit card information. Parented by Helios & Matheson Analytics, MoviePass launched in 2011 but didn’t break into the mainstream until 2018, when they lowered their services to $9.95/month. At a glance, MoviePass was formulated to let users see one film per day in theaters. The opportunity to view a plethora of flicks on the big screen at such a low cost sounds almost too good to be true. Unfortunately, MoviePass subscribers are learning how correct that initial assessment is, given the current issues.
Founded by entertainment entrepreneurs Stacy Spikes and Hamet Watt, MoviePass is supported in over 91% of theaters nationwide. However, the business model has faced resistance from major cinema chains and a slew of controversies. MoviePass mayhem arose in 2017 when the service slashed their prices to a meager $9.95/month, resulting in a subscriber surge. The unprecedented amount of signups caused the MoviePass website to crash, and formulated a rivalry with AMC theaters. Struggling to keep up with demand and fulfill the needs of 2 million users, MoviePass restricted users to three movies each month. MoviePass continued to drown in boiling water as the company was investigated by the New York attorney general, blacked-out viewings for blockbuster films, and was caught trying to uncancel users' accounts, without user permission.
Now, MoviePass’ bleak reputation is further tarnished. According to TechCrunch, MoviePass subscriber's credit card data has been exposed. Due to a critical server not being protected with a password, tens of thousands of customer credit cards and personal credit cards were left unencrypted. Raw and exposed information also includes email addresses, password data, and billing information. Reportedly, the database has been in a vulnerable state for months. Security researcher Mossab Hussein found the exposed database and attempted to contact MoviePass CEO, Mitch Lowe. Lowe acknowledged the incident to the public numerous days later:
MoviePass recently discovered a security vulnerability that may have exposed customer records. After discovering the vulnerability, we immediately secured our systems to prevent further exposure and to mitigate the potential impact of this incident. MoviePass takes this incident seriously and is dedicated to protecting our customers’ information. We are working diligently to investigate the scope of this incident and its potential impact on our customers. Once we gain a full understanding of the incident, we will promptly notify any affected subscribers and the appropriate regulators or law enforcement.
Earlier this week, the database was taken offline. MoviePass has declared they will continue to disclose information about the incident and are notifying affected users. Moving forward, MoviePass subscribers should continuously check their bank statements and credit card statements for any suspicious charges.
MoviePass was intended to be the Netflix of movie theaters. However, the service has strayed far from its original intentions. Racked with controversy, inaccuracy, and laxity, the MoviePass platform appears to have caused more harm than good. The recent blunder of MoviePass has affected its users on a new level. Exposing personal data causes more strife then restricting the number of movies allotted in a month and this could be the final straw for subscribers who were already hesitant of their MoviePass service. It remains to be seen if the current news will be the official demise of MoviePass.
Source: Tech Crunch