A MoviePass Security Gaffe Leaves Tens of Thousands of Accounts Exposed

zhuzhu/iStock via Getty Images

When MoviePass launched a $9.95 subscription service in 2017, it was heralded as nothing less than a revolution in the moviegoing experience. The monthly fee allowed once-daily admission to first-run theatrical films at all of the major chains. Roughly 1 million people signed up for the app in the first four months alone. But AMC and other exhibitors resisted the business plan, leading to dwindling benefits and bad press.

Now, MoviePass is dealing with another issue: Leaving the customer card numbers of at least 58,000 users, plus many credit card numbers, easily accessible on a server.

According to TechCrunch, the data was first discovered by Dubai-based security firm SpiderSilk and security researcher Mossab Hussein. The cards were left unencrypted and available to review on the server without the need for a password. MoviePass cards are issued by Mastercard and operate like conventional debit cards, with pre-loaded balances that pay the full admission price at theater chains. The unsecured server also held the conventional credit card information that customers use to pay for their MoviePass subscriptions. These records included billing addresses. TechCrunch stated that among the records they reviewed, some contained enough information to make fraudulent purchases.

The database was taken offline this week, but it’s believed it had been open and accessible for months. Security researcher Nitish Shah said he discovered the database earlier in the year, wrote MoviePass to warn them, but received no reply. In a statement, MoviePass CEO Mitch Lowe said the company was looking into it and would notify affected customers. In the interim, it's probably wise for MoviePass subscribers to monitor affiliated credit cards for any suspicious charges.

[h/t Gizmodo]

If You Pay for Netflix or Hulu Through iTunes, You Could Be Saving 15 Percent Each Month

KellyISP/iStock via Getty Images

For prices ranging from $8.99 to $15.99 a month, streaming services like Netflix offer some of the best value in entertainment. But a growing number of platforms—including Amazon Prime, Hulu, and forthcoming services from Disney and Apple—means that viewers might be looking to cut costs. Fortunately, there’s a way to do that that requires only minimal effort. Is there a catch? Naturally. We’ll explain.

In a post for MoneyTalksNews, writer Donna Freedman points out that warehouse chains like Costco offer gift cards for iTunes at a 15 percent discount. A $100 card might cost just $85, for example. You can then use the card to pay for your Netflix or Hulu subscription if you currently pay for the service through iTunes.

Here’s the first of two wrinkles: Costco runs these deals only periodically, so you’ll have to catch the cards—which are usually limited to two per customer—during their window of availability. Second, Netflix is no longer using iTunes as a pay portal for new members. Members who use iTunes will be redirected toward Netflix’s own billing interface. That’s because Netflix was apparently tired of giving Apple a cut of membership revenue. However, existing Netflix members who are still tied into iTunes billing prior to the switch in late 2018 are able to apply the iTunes cards as payment. By purchasing them from a warehouse club, they’ll be able to save the 15 percent. So can new or existing Hulu members, who can opt to subscribe via iTunes.

Not a Costco member? There’s a workaround for that, too. Have a friend or relative purchase a Costco Cash Card, which can be used by non-members but tacks on a 5 percent surcharge, reducing the iTunes savings to 10 percent. Alternately, just have them buy the iTunes card on your behalf.

Does this seem like a lot of effort for minimal savings? For some people, it might. But if your streaming platforms are beginning to add up, knocking the price down by 15 percent might be worth the hustle.

[h/t MoneyTalksNews]

Equifax Might Owe You Money for the 2017 Data Breach. Here's How to Find Out How Much

alexialex/iStock via Getty Images

Data breaches affecting hundreds of millions of people are a sad reality of our interconnected world, but the 2017 Equifax breach was a major event by any standard. The credit reporting agency hack resulted in roughly 147 million people having their personal information compromised, with names, addresses, and Social Security numbers stolen for use in subsequent identity theft.

If you were one of the people who had to endure your data being disclosed and used without consent, there is some good news: The Federal Trade Commission (FTC) recently approved a $425 million settlement with Equifax that will be used to compensate victims, with some consumers eligible to receive up to $20,000 for their troubles. Naturally, there's a catch.

To find out how much compensation you’re entitled to, you’ll need to go to the breach settlement website and file a claim. The site will be able to tell you if your information was impacted, making you eligible for four years of free credit monitoring at all three major credit bureaus: Equifax, Experian, and TransUnion. Equifax originally offered people the option of a $125 cash payment instead of the credit monitoring, but later withdrew the offer, citing limited funds. People can still opt for the cash payment, but Equifax has warned the amount will be significantly less than they initially promised.

If you’re one of the consumers who had to spend a significant amount of time protecting your identity due to hackers sharing and using your personal data, it’s still possible Equifax owes you money. The settlement allows for people to claim up to 10 hours of identity restoration efforts at $25 an hour with only minimal paperwork required. You’ll need to describe the actions taken as a result of the breach, like phoning credit card companies or dealing with unauthorized charges.

If you claim between 10 and 20 hours, you’ll need to go a step further and provide documentation proving fraud or identity theft happened as a result of the breach. If you have a paper trail, you can also claim expenses incurred in an effort to resolve the issue. That could mean professional fees to help restore your identity, mileage if travel was required, or document notarization.

In summary: If your data was affected, you’re eligible for free credit monitoring at minimum. If you spent 10 hours or less dealing with the fallout of the breach and can describe the steps you had to take, you can claim $25 an hour, or a max of $250. If you spent between 10 and 20 hours, you’ll need documentation to prove fraud occurred. That could net you an additional $250. You can also use those documents to request compensation of up to $20,000 for fees incurred to resolve the problem. That could mean someone making large and unauthorized purchases on a card that were not refunded by the credit card company, for example.

It’s not likely most people will see the full $20,000 unless they really suffered a significant blow to their financial profile, and Equifax has already cautioned these payouts may be affected by the number of people submitting claims. In other words, you may be eligible for $500, but the amount could be reduced if a large number of people make similar and proven claims.

The deadline to file a claim is January 22, 2020. There’s one additional wrinkle: While the FTC and Equifax have agreed to the settlement, it still needs to be approved by a court. That’s likely but not guaranteed. You’ll also have to spend time preparing a lot of paperwork to see any significant amount of money. But at least it’s something.

[h/t Lifehacker]
