The breach was discovered by Mossab Hussein, a security researcher at SpiderSilk, a cybersecurity firm in Dubai, the report said. Hussein confirmed to CNN Business the database he found contained millions of entries, some of which had sensitive data such as MoviePass customer card numbers.
MoviePass customers are issued cards that function like debit cards. Customers pay a monthly subscription fee to watch a maximum of one movie a day. MoviePass loads the full cost of a movie onto their card and the cash balance can then be used to pay for movies at theaters.
Hussein told CNN Business that when the data was discovered, he emailed MoviePass CEO Mitch Lowe to report it. When he didn’t hear back after a few days, Hussein reached out to TechCrunch.
“We feel the average customer should have the right to know about such incidents ASAP, and as transparently as possible,” Hussein said.
MoviePass said it would continue to disclose information about the incident.