The movie subscription service didn’t encrypt or password-protect a database, according to a report.
MoviePass reportedly left customers' card numbers and credit card details exposed after failing to password-protect a database. Tens of thousands of users were affected, according to the report Tuesday from TechCrunch.
MoviePass immediately secured its systems to prevent further exposure, a spokesperson said in a statement Thursday.
"MoviePass takes this incident seriously ... we are working diligently to investigate the scope," the spokesperson added in an emailed statement. "Once we gain a full understanding of the incident, we will promptly notify any affected subscribers and the appropriate regulators or law enforcement."
More than 160 million records were left unencrypted, TechCrunch reported, citing the findings from cybersecurity company SpiderSilk. The report said the database remained online until TechCrunch reached out to the movie subscription service Tuesday.
MoviePass came under fire last year for reactivating accounts and asking former customers to opt out of being subscribed again. And that came after MoviePass mayhem that included surge pricing at peak times, a temporary service outage attributed to insufficient funding and a Mission: Impossible blackout.
Earlier this month, the company also faced criticism after it was reported that MoviePass changed passwords to keep users from ordering tickets.
MoviePass in March 2018 dropped its $9.95 per month plan to $6.95, but then the price went back up. A month later, it altered its terms of service so you could see any given movie only once.
In May 2018, its unlimited plan vanished but returned a few days later. After that, the service made an effort to combat fraud by requiring ticket-stub photos.
MoviePass brought back the $9.95 unlimited plan in March this year.
Originally published Aug. 20, 3:29 p.m. PT.
Update, Aug. 22: Adds statement from MoviePass.