Movie ticket subscription service MoviePass has confirmed that some of its customers' personal data, including credit card numbers, may have been exposed online.
In a statement to Variety, MoviePass said Wednesday the security lapse was recently discovered and the system was immediately security.
Tech Crunch was first to report on the issue Tuesday and said a security researcher had discovered a massive database was left exposed without a password on one of the company's servers.
Tech Crunch said it reviewed some of the records and found it contained tens of thousands of MoviePass card numbers and customers' personal credit card information.
“MoviePass takes this incident seriously and is dedicated to protecting our subscribers’ information,” a spokesperson said in a statement to Variety and Tech Crunch. “We are working diligently to investigate the scope of this incident and its potential impact on our subscribers. Once we gain a full understanding of the incident, we will promptly notify any affected subscribers and the appropriate regulators or law enforcement.”
The past two years have been filled with massive highs and lows for MoviePass. The company got massive attention in Aug. 2017 by offering consumers the ability to see one movie every day of the year for just $9.95 per month. But since then, it's raised prices, limited access to certain films, and restricted the number of movies its subscribers could see each week.
In July, MoviePass announced it would be suspending the service to work on improvements. A post on the company's website said Thursday that the service "has been restored to a substantial number of our current subscribers and we are hoping to take steps to restore service to all our current subscribers."
Then in August, a report from Business Insider claimed the company had purposely changed the passwords of some of its customers to try and prevent them from ordering tickets.
MoviePass has yet to confirm how many accounts and customers had their personal data exposed in the security lapse.