MoviePass hasn’t had the best run of press lately. The once trendy movie subscription service that ballooned to over three million members at its peak has been hammered by accusations of poor customer service and shady business practices. Now it’s getting hit with new allegations that it may have left the credit card information of some of its subscribers exposed and without encryption.
According to Tech Crunch, the alleged security issue is related to a database on one of the company’s subdomains. Security researcher Mossab Hussein, working for the cyberfirm Spider Silk, allegedly uncovered the database and found more than one hundred million records inside. An overwhelming majority of the files were reportedly just standard, unimportant logs, but upon further review, more than ten thousand also reportedly contained credit card information of MoviePass users. Some of the information was reportedly encrypted. Some of it was not. Some of the information was reportedly related to the debit cards MoviePass users were given to redeem tickets, and some were from personal credit cards people used to sign up for the service.
To be clear, there is no information at this time that hackers found and used any of the information to make fraudulent purchases. A few days after the company was alerted of the apparent hole in its security system, the database was allegedly secured and is no longer accessible. Unfortunately, even if no negative reprecussions will come to any users from this, it represents yet another bad press-style allegation against the company that once seemed poised to upend the entire movie theater industry.
Back in the summer of 2018, MoviePass was all the rage, and it felt like, all anyone was talking about. For only $10 a month, a subscriber could see a different movie every day, and MoviePass would foot the bill, effectively losing money (in most parts of the country and during most times of the day) whenever someone decided to go to the theater. The model seemed crazy to many observers, but MoviePass was confident it would eventually hit a threshold in which it would pick up enough casual, every once in awhile users to cover the more active participants. Executives compared it to an all you can eat buffet, in which, after a few days of gorging themselves, the average person would eventually return to eating a normal amount.
Unfortunately, depending on how you look at things, either this logic ultimately proved false or the company simply ran out of money before that process happened. In a scramble to stay afloat, MoviePass took out loans, changed the rules, took the service offline, relaunched and tried a system in which tickets were only offered for select movies. There are even allegations it changed more active users' passwords in an attempt to lock them out of the system.
All of the above resulted in a lot of consumer frustration. Rumors have swirled that the service may be down to just 225,000 paying customers, which is less than 10 percent of its peak. It’s unlikely this story will help reverse that trend.