Movie ticket subscription service MoviePass confirmed that a data breach may have exposed tens of thousands of customer card numbers and personal credit cards.
The company confirmed a TechCrunch report from Tuesday that one of its databases was exposed. Mossab Hussein, a security researcher at Dubai-based cybersecurity firm SpiderSilk, told TechCrunch he had found an exposed database on one of the company’s many subdomains. The database contained up to 161 million records.
In a statement to CNN, Moviepass said a security lapse was recently discovered and its system was immediately secured.
The data breach is the latest in the long line of problems for MoviePass since it launched in 2017. In March, MoviePass parent Helios and Matheson Analytics said that the money-losing subscription service has fewer subscribers than previously disclosed.
Despite its troubles, MoviePass has looked to relaunch itself by bringing back its $9.95 Movie-Per-Day plan in March. The eye-catching plan had restrictions for the new MoviePass Uncapped offering, including subscribers having to pay for 12 months in advance, and only being eligible to view 2D films offered within the MoviePass network.
The latest pricing change followed a cash crunch for owners Helios and Matheson and a plunge in its share price, and a big leg down for MoviePass after it launched in 2017 by offering as many as 30 tickets a month to the local cinema for the price of one.
MoviePass has also abandoned a three-tier pricing structure introduced in December 2018 where customers — depending upon where they live — would pay anywhere from $9.95 to $24.95 a month to see three movies a month, for a total 36 movies a year.
Now MoviePass is no longer offering the Select, All Access and Red Carpet plans for purchase, retaining them only for users who subscribed to them.