Cybercrime and cybercriminal

Cybercrime: Why The MoviePass Database Should Be a Warning to Us All

Since it’s appearance on the market, MoviePass was touted as a great way to pay a lower monthly amount in the form of a subscription for going to the movies. If you were an ardent cinema lover, it was the perfect brand to connect with. 

TechCrunch reported recently, however, that MoviePass exposed thousands of their customers to hackers and cybercriminals because a server that contained data wasn’t protected at all. 

The database in question held a lot of personal information that could be useful to cybercriminals but the issue was not recognized or dealt with for several months. This essentially meant that private information was left accessible to the general public, exposing some 58,000 customers’ information. Because MoviePass had around 3 million subscribers at its peak in 2018, it could have been a lot more. 

There’s some confusion on what kind of subscriber information was left on the server and how many entries included sensitive data such as passwords and bank details but the length of time that the database was left exposed means much could now be on the dark web for sale. 

There is real concern that MoviePass may well have exposed many of the customers to the potential for cybercrime attacks in the future. This is compounded by the fact that the company used debit cards which generally offer less protection than credit cards. 

How MoviePass Opened Itself up to Cybercrime

There were two issues with MoviePass that all companies that collect and store personal data need to be aware of. The first was that data was actually available in plain text and anyone could read it. The second is not having the appropriate security configuration in place to make sure the data was not accessible in the first place to the general public. 

There’s no doubt that the issue MoviePass found contributed to people leaving their site. In short, as consumers, we’re not likely to sign up to sites we don’t trust to handle our data properly. It takes just one episode such as this to cause long term and immediate damage to your business reputation.