MoviePass Woes Now Include Data Breach (UPDATE: Did it Cause the Company’s Demise?)

Editor's Note: In the two days since this article was first written, MoviePass has decided to shut down for good. It raises the question: was the data breach the last straw?

MoviePass just can’t catch a break. 

In late August, the beleaguered movie ticket subscription service announced tens of thousands of customer card numbers may have been inadvertently exposed.

The information was sitting on a critical server which had not been protected with a password, the company said. The server included a massive database containing 161 million records, including sensitive user information like MoviePass customer card numbers and billing information, as well as names and postal addresses. None of this information was encrypted.

MoviePass customer cards work much like debit cards. A subscriber selects a showtime from a roster of supported theaters and purchases the ticket through the MoviePass app. The cost of the ticket is then loaded onto the card, and the customer uses it to pay for the ticket at the theater. Subscribers can see three movies a month for a flat rate of $9.95.

Exposed for months

The database had been sitting exposed since May of 2019, available to anyone who wanted to use the data for their own ends, including identity theft or fraudulent purchases.

The breach was discovered by noted cybersecurity researcher Mossab Hussein, who works for the Dubai-based IT company SpiderSilk. When Hussein made his discovery public, MoviePass quickly secured the system and issued the following statement:

“MoviePass recently discovered a security vulnerability that may have exposed customer records. After discovering the vulnerability, we immediately secured our systems to prevent further exposure and to mitigate the potential impact of this incident. MoviePass takes this incident seriously and is dedicated to protecting our customers’ information.”

The company stopped short of confirming the total number of customers affected, stating only that it is investigating the incident and will notify affected customers.

The death knell?

As recently as August 2018, MoviePass subscribers were able to see as many movies as they liked for a flat rate of $9.95 per month, which was later reduced to three movies per month. Readers can be forgiven if they have trouble making sense of the economics: movie tickets can run $15 apiece, depending on the market. MoviePass owner Helios and Matheson has long claimed it would make up the loss on ticket sales by aggregating and reselling customer data. The business model was flimsy at best, and investors never quite got on board with it. The company’s stock has endured a number of reverse splits, and was even delisted from the New York Stock Exchange.

MoviePass has been on a roller coaster since it became popular among mainstream audiences. The company quickly grew its customer base to three million customers in less than two months, but has been on a downtrend ever since. Foremost, the company has long struggled to be profitable as its customer data-reselling scheme has failed to take flight. 

In early 2019, the company briefly stopped operating when it ran out of money and had to raise $6 million in outside investment. It also faces a pair of major lawsuits, one from the New York Attorney General alleging securities fraud and another from a class of customers alleging a “bait-and-switch” tactic was employed when the unlimited movie option was taken away.

In recent months, the company’s subscriber numbers have taken a nosedive. Leaked internal data from April said its customer numbers went from three million subscribers to about 225,000.

What can MoviePass do now?

(Update: they shut down.)

MoviePass could have prepared ahead of time for each of these issues, especially the data breach. Putting controls in place, preparing response plans, automating processes, and keeping key personnel up to date would have gone a long way toward preventing the existential crisis in which MoviePass now finds itself. LogicGate’s Business Continuity Management software could have helped MoviePass understand its vulnerabilities and take corrective actions before they caused reputational damage. Checks and balances like these keep companies on the right track and out of the headlines.

