Security Affairs

Thousands of credit card numbers of MoviePass customers were exposed online


A security expert discovered that the popular movie ticket subscription service MoviePass has exposed thousands of customer card numbers and personal credit cards.

Security expert Mossab Hussein, from cybersecurity firm SpiderSilk, discovered that MoviePass exposed a database containing the credit card data on one of its subdomains. The archive contained 161 million records, and the amount of data kept growing in real time.

The researcher discovered that the records in the database were not encrypted.

The database included both data logs and sensitive user data, such as customer card numbers. According to TechCrunch, which analyzed a sample of 1,000 records, the data are authentic.

“We reviewed a sample of 1,000 records and removed the duplicates. A little over half contained unique MoviePass debit card numbers. Each customer card record had the MoviePass debit card number and its expiry date, the card’s balance and when it was activated,” reported TechCrunch.


The archive contained more than 58,000 records including card data, and according to the expert, it was growing over time.

The unsecured database also contained customers’ personal credit card numbers and their expiry dates, along with billing information (names and postal addresses). In some cases, the available data could expose card owners to fraud.

Logging data included email addresses and incorrectly typed passwords.

Hussein attempted to report his discovery to MoviePass, but he did not receive any reply. The service was taken offline after TechCrunch reported the issue to the company.

TechCrunch reported that security firm RiskIQ first detected the exposed archive in late June; the database may have been exposed for months.

“We keep on seeing companies of all sizes using dangerous methods to maintain and process private user data,” Hussein told TechCrunch. “In the case of MoviePass, we are questioning the reason why would internal technical teams ever be allowed to see such critical data in plaintext — let alone the fact that the data set was exposed for public access by anyone.”


Pierluigi Paganini

(SecurityAffairs – data leak, hacking)
