
MoviePass exposed thousands of unencrypted customer card numbers - momentmaker
https://techcrunch.com/2019/08/20/moviepass-thousands-data-exposed-leak/
======
rvz
This breach could have been avoided by simply having security audits of the
service and customer data and using a secure hash algorithm (Bcrypt) for the
user data. There isn't an excuse for this to happen, especially in 2019. If
you have an account with MoviePass, the following details about this breach
should concern you:

> None of the records in the database were encrypted.

What could possibly go wrong here? /s

> ...We found records with enough information to make fraudulent card purchases.

So a MoviePass account also has unencrypted account data (Name, email,
address, card no., etc) to make it possible to perform fraudulent card
purchases?

Magnificent. /s

> The security researcher said he found the exposed database using his
> company-built web mapping tools, which peeks into non-password protected
> databases that are connected to the internet

So there was no password protecting these accounts in the first place anyway?
Whose idea was that?

> “MoviePass takes this incident seriously and is dedicated to protecting our
> customers’ information.

Here we go again.

------
sarcasmatwork
I don't understand how this still happens today. There are processes and
procedures for handling customers' data. This is one company that won't see any
of my money.

