MoviePass exposed thousands of unencrypted customer card numbers

Movie ticket subscription service MoviePass has exposed tens of thousands of customer card numbers and personal credit cards because a critical server was not protected with a password.

Mossab Hussein, a security researcher at Dubai-based cybersecurity firm SpiderSilk, found an exposed database on one of the company’s many subdomains. The database was massive, containing 161 million records at the time of writing and growing in real-time. Many of the records were normal computer-generated logging messages used to ensure the running of the service — but many also included sensitive user information, such as MoviePass customer card numbers.

These MoviePass customer cards are like normal debit cards: they’re issued by Mastercard and store a cash balance, which users who sign up to the subscription service can use to pay to watch a catalog of movies. For a monthly subscription fee, MoviePass uses the debit card to load the full cost of the movie, which the customer then uses to pay for the movie at the cinema.

We reviewed a sample of 1,000 records and removed the duplicates. A little over half contained unique MoviePass debit card numbers. Each customer card record had the MoviePass debit card number and its expiry date, the card’s balance and when it was activated.

The database had more than 58,000 records containing card data — and was growing by the minute.

We also found records containing customers’ personal credit card numbers and their expiry date — along with billing information, including names and postal addresses. Among the records we reviewed, we found records with enough information to make fraudulent card purchases.

Some records, however, contained card numbers that had been masked except for the last four digits.

The database also contained email addresses and some password data related to failed login attempts. We found hundreds of records containing the user’s email address and presumably incorrectly typed password — which was logged — in the database. We verified this by attempting to log into the app with an email address and password that didn’t exist and that only we knew. Our dummy email address and password appeared in the database almost immediately.

None of the records in the database were encrypted.

Hussein contacted MoviePass chief executive Mitch Lowe by email — which TechCrunch has seen — over the weekend but did not hear back. It was only after TechCrunch reached out Tuesday that MoviePass took the database offline.

It’s understood that the database may have been exposed for months, according to data collected by cyberthreat intelligence firm RiskIQ, which first detected the system in late June.

We asked MoviePass several questions — including why the initial email disclosing the security lapse was ignored, for how long the server was exposed, and its plans to disclose the incident to customers and state regulators. When reached, a spokesperson did not comment by our deadline.

MoviePass has been on a rollercoaster since it hit mainstream audiences last year. The company quickly grew its customer base from 1.5 million to 2 million customers in less than a month. But MoviePass took a tumble after critics said it grew too fast, forcing the company to cease operating briefly after it ran out of money. The company later said it was profitable, but then suspended service, supposedly to work on its mobile app. It now says it has “restored [service] to a substantial number of our current subscribers.”

Leaked internal data from April said its customer numbers went from three million subscribers to about 225,000. And just this month MoviePass reportedly changed user passwords to hobble access for customers who use the service extensively.

Hussein said the company was negligent in leaving data unencrypted in an exposed, accessible database.

“We keep on seeing companies of all sizes using dangerous methods to maintain and process private user data,” Hussein told TechCrunch. “In the case of MoviePass, we are questioning the reason why would internal technical teams ever be allowed to see such critical data in plaintext — let alone the fact that the dataset was exposed for public access by anyone,” he said.

The security researcher said he found the exposed database using his company-built web mapping tools, which peek into non-password protected databases that are connected to the internet and identify the owner. The information is privately disclosed to companies, often in exchange for a bug bounty.

Hussein has a history of finding exposed databases. In recent months he found one of Samsung’s development labs exposed on the internet. He also found an exposed backend database belonging to Blind, an anonymity-driven workplace social network, exposing private user data.

Watch the trailer for the Apple TV+ drama ‘The Morning Show’

Apple is giving viewers their first extended look at “The Morning Show,” a drama starring Jennifer Aniston, Reese Witherspoon and Steve Carell.

Previously, all that we’d seen from the show were a few brief clips in a broader promo for Apple’s upcoming subscription service TV+, followed by an ominous teaser trailer that was literally just shots of a TV control room, accompanied by audio clips where people talked about how incredibly important the news business is.

This trailer dials down the Aaron Sorkin vibe and sets up a story where Aniston and Carell are longtime hosts of a morning TV show — but Carell gets fired, so a search for fresh talent leads the producers to a younger reporter played by Reese Witherspoon.

While the story and characters appear to be fictional, they draw on the real-world drama depicted in Brian Stelter’s book “Top of the Morning.”

“The Morning Show” is scheduled to debut sometime this fall on Apple TV+. This will likely be one of the first titles on the service (which still doesn’t have an announced price or launch date), but Apple has a lot more content in the works.

Original Content podcast: Netflix’s ‘Wu Assassins’ is a punching, kicking delight

When we reviewed “Another Life” last week, we described it as an old-fashioned science fiction space show, something that’s been absent from TV for the past decade or so. “Wu Assassins” is another new Netflix series, and it’s also kind of a throwback — this time to ’90s martial arts series like “Vanishing Son” and “Kung Fu: The Legend Continues.”

As we explain in the latest episode of the Original Content podcast, “Wu Assassins” — which tells the story of Kai, a San Francisco chef who receives mystical powers and must battle powerful nemeses known as the Wu Lords — has plenty of delightfully cheesy writing and special effects. But it’s set apart from those older shows in a couple key ways.

First, there’s the fact that Indonesian martial arts star Iko Uwais (who you might recognize from “The Raid” and “Star Wars: The Force Awakens”) plays Kai — he’s not a great dramatic actor, but once the action starts, he becomes a blur of punches and kicks.

The producers have surrounded Uwais with other accomplished martial artists, so the resulting fight scenes are extraordinary. “Wu Assassins” includes a couple big set pieces, but even more remarkably, every single fight (and there are plenty) feels like it’s been choreographed for the perfect mix of beauty and brutality.

Even better, there’s Byron Mann’s performance as Uncle Six, a ruthless triad boss who has a long history with Kai. Mann brings real charisma and humanity to his performance, and he turns his dramatic scenes with Uwais into an absolute highlight of the show. Plus, he’s just as compelling when he’s called upon to beat the crap out of his enemies.

In addition to praising “Wu Assassins,” we also discuss the CBS-Viacom merger and listener response to our review of “Another Life.”

You can listen in the player below, subscribe using Apple Podcasts or find us in your podcast player of choice. If you like the show, please let us know by leaving a review on Apple. You can also send us feedback directly. (Or suggest shows and movies for us to review!)

And if you want to skip ahead, here’s how the episode breaks down:
0:00 Intro
0:40 “Another Life” listener response
11:51 CBS/Viacom merger
20:30 “Wu Assassins” review
33:52 “Wu Assassins” spoiler discussion

Spotify’s podcast dashboard comes out of beta

Over the last couple of years, Spotify has made a big push into podcasts. The tip of the spear has been major investments, including acquisitions of companies like Gimlet and Anchor. It’s all part of the company’s attempt to harness a massively growing category and build an audience beyond music.

The other great thing about podcasts for a company like Spotify is the access to a tremendous amount of free content created by third-party producers. They record it, edit it and host it, and all Spotify has to do is index the stuff. Spotify for Podcasters is a new platform for the company designed to give creators more control — or at least insight — into how that content is served up.

The feature came out of beta today and is available for all users, showing key analytics like listening time, number of listeners and episode streams. “With so many podcasts out there, it’s more important than ever that you have the data you need to help you understand and grow your audience,” the company writes. “That’s exactly what your dashboard is designed to provide.”

I’ve been playing around with the feature a bit this morning and am finding some interesting bits of demographic info based on the sample. My show RiYL is a mix of different interviews with subjects across a wide variety of different mediums.

No surprise, the ones with musical guests are doing far better than any other. I suspect many or most users are discovering episodes while searching for music on the service. That will likely be the case until Spotify becomes more known for podcast offerings.

Seems the show’s listeners are mostly male (disappointing, but perhaps not surprising), aged 35-44, located in the United States. They also listen to a lot of Beatles, Bon Iver, Velvet Underground and Radiohead. Go figure.

The feature follows the similar Spotify for Artists offering and promises additional information/insight as it matures.

India’s Reliance Jio inks deal with Microsoft to expand Office 365, Azure to more businesses; unveils broadband, blockchain, and IoT platforms

India’s Reliance Jio, which has disrupted the telecom and feature phone businesses in India in less than three years of existence, is now ready to aggressively foray into many more businesses with the help of global giants including Microsoft.

The subsidiary of India’s largest industrial house Reliance Industries today announced that it will commercially launch its optical fiber broadband business next month, an IoT platform on January 1, 2020, and “one of the world’s biggest blockchain networks” in the next 12 months.

The broadband service, called Jio Giga Fiber, is aimed at individual customers, small and medium sized businesses, as well as enterprises, Mukesh Ambani, Chairman and Managing Director of Reliance Industries, said at a shareholders meeting Monday. The service, which will be available to consumers starting September 5, will offer free voice calls, high-speed internet and start at Rs 700 per month.

The company also announced a 10-year partnership with Microsoft to leverage the Redmond giant’s Azure, Microsoft 365, and Microsoft AI platforms to launch new cloud datacenters in India to ensure “more of Jio’s customers can access the tools and platforms they need to build their own digital capability,” said Microsoft CEO Satya Nadella in a video appearance Monday.

“At Microsoft, our mission is to empower every person and every organization on the planet to achieve more. Core to this mission is deep partnerships, like the one we are announcing today with Reliance Jio. Our ambition is to help millions of organizations across India thrive and grow in the era of rapid technological change… Together, we will offer a comprehensive technology solution, from compute to storage, to connectivity and productivity for small and medium-sized businesses everywhere in the country,” he added.

As part of the partnership, Nadella said, Jio and Microsoft will jointly offer Office 365 to more organizations in India, and also bring Azure Cognitive Services to more devices and in many Indian languages to businesses in the country. The solutions will be “accessible” to reach as many people and organizations in India as possible, he added.

Ambani also said Jio is working on a “digital stack” to create a new commerce partnership platform in India to reach tens of millions of merchants, consumers, and producers.

More to follow…

Original Content podcast: ‘Another Life’ is no masterpiece, but we want a second season anyway

Most critics haven’t found much to like in “Another Life,” a new space opera on Netflix, but look: We had a good time with it.

The show stars Katee Sackhoff (best known as Starbuck on “Battlestar Galactica”), who plays Niko Breckinridge, the leader of an expedition across the galaxy to make contact with aliens who sent mysterious artifacts to Earth.

As we explain on the latest episode of the Original Content podcast, we aren’t blind to the show’s flaws — there’s something old-fashioned and formulaic about the writing, and the scripts regularly ignore major gaps in logic.

Still, even if we aren’t completely comfortable calling this a “guilty pleasure,” this definitely feels like a show that was made for us — especially for Jordan, a serious “Battlestar” fan who’s just happy to see Sackhoff back in space.

Sackhoff’s performance is one of the show’s main strengths, as is a general sense of fun. If you’ve been missing the not-particularly-great space adventure TV shows of the 1990s and early 2000s, “Another Life” will probably scratch that itch for you. And even if it doesn’t, please check it out anyway, because Jordan would like to see what happens in season two.

In addition to reviewing the show, we also discuss the news that “Game of Thrones” showrunners David Benioff and D.B. Weiss have signed a multi-year film and TV deal with Netflix — though it’s not clear when they’ll actually have time to create those new shows, since they’re probably going to be busy for a while writing Star Wars.

You can listen in the player below, subscribe using Apple Podcasts or find us in your podcast player of choice. If you like the show, please let us know by leaving a review on Apple. You can also send us feedback directly. (Or suggest shows and movies for us to review!)

And if you want to skip ahead, here’s how the episode breaks down:

0:00 Intro
0:49 Benioff/Weiss sign with Netflix
6:08 “Another Life” review
33:24 “Another Life” spoiler discussion

How a Swedish saxophonist built Kobalt, the world’s next music unicorn

You may not have heard of Kobalt before, but you probably engage with the music it oversees every day, if not almost every hour. Combining a technology platform to better track ownership rights and royalties of songs with a new approach to representing musicians in their careers, Kobalt has risen from the ashes of the 2000 dot-com bubble to become a major player in the streaming music era. It is the leading alternative to incumbent music publishers (who represent songwriters) and is building a new model record label for the growing “middle class” of musicians around the world who are stars within niche audiences.

Having predicted music’s digital upheaval early, Kobalt has taken off as streaming music has gone mainstream across the US, Europe, and East Asia. In the final quarter of last year, it represented the artists behind 38 of the top 100 songs on U.S. radio.

Along the way, it has secured more than $200 million in venture funding from investors like GV, Balderton, and Michael Dell, and its valuation was last pegged at $800 million. It confirmed in April that it is raising another $100 million to boot. Kobalt Music Group now employs over 700 people in 14 offices, and GV partner Avid Larizadeh Duggan even left her firm to become Kobalt’s COO.

How did a Swedish saxophonist from the 1980s transform into a leading entrepreneur in music’s digital transformation? Why are top technology VCs pouring money into a company that represents a roster of musicians? And how has the rise of music streaming created an opening for Kobalt to architect a new approach to the way the industry works?

Gaining an understanding of Kobalt and its future prospects is a vehicle for understanding the massive change underway across the global music industry right now and the opportunities it is and isn’t creating for entrepreneurs.

This article is Part 1 of the Kobalt EC-1, focused on the company’s origin story and growth. Part 2 will look at the company’s journey to create a new model for representing songwriters and tracking their ownership interests through the complex world of music royalties. Part 3 will look at Kobalt’s thesis about the rise of a massive new middle class of popular musicians and the record label alternative it is scaling to serve them.

Early lessons on the tough road of entrepreneurship

It’s tough to imagine a worse year to launch a music company than 2000. Willard Ahdritz, a Swede living in London, left his corporate consulting job and sold his home for £200,000 to fully commit to his idea of a startup collecting royalties for musicians. In hindsight, his timing was less than impeccable: he launched Kobalt just as Napster and music piracy exploded onto the mainstream and mere months before the dot-com crash would wipe out much of the technology industry.

The situation was dire, and even his main seed investor told him he was doomed once the market crashed. “Eating an egg and ham sandwich…have you heard this saying? The chicken is contributing but the pig is committed,” Ahdritz said when we first spoke this past April (he has an endless supply of sayings). “I believe in that — to lose is not an option.”

Entrepreneurial hardship, though, is something that Ahdritz had early experience with. Born in Örebro, a city of 100,000 people in the middle of Sweden, Ahdritz spent a lot of time as a kid playing in the woods, while also holding dual interests in music and engineering. The intersection of those two converged in the synthesizer revolution of early electronic music, and he was fascinated by bands like Kraftwerk.

Statespace picks up $2.5M to help gamers train

Gaming continues to grow in popularity, with esports revenue growing 23 percent from last year to top $1 billion in 2019.

But the metrics by which talent is evaluated in gaming, and the methods by which gamers can train to better hone their craft, are varied and at times non-existent. That’s where Statespace, and specifically the company’s gaming arm Klutch, come into play.

In 2017, Statespace launched out of stealth with their first product, Aim Lab. Aim Lab is meant to mimic the physical rules of a game to give gamers a practice space where they can improve their skills. Moreover, Aim Lab identifies weaknesses in a player’s gameplay — one person might struggle with their visual acuity in the top left quadrant of the screen, while another might have trouble spotting or aiming at targets on the bottom right side of the screen — and allows gamers to focus in on their weaknesses to get better.

Today, the company has announced a $2.5 million seed funding round led by FirstMark Capital, with participation from Expa, Lux Capital and WndrCo. This brings the company’s total funding to $4 million.

Alongside growing Aim Lab, which is on track to soon reach 1 million users, one of the company’s main goals is to create a standardized metric by which gamers’ skills can be measured. In football, college athletes and NFL coaches have the Scouting Combine to make decisions around recruiting. This doesn’t necessarily take into account stats like yardage or touchdowns, but rather the raw skills of a player such as 40-yard sprint speed.

In fact, Statespace has partnered with the Pro Football Hall of Fame for ‘The Cognitive Combine’, becoming the official integrative medicine program cognitive assessment partner of the organization. Statespace wants to create a similar ‘combine’ for gaming.

The hope is that the company can offer this metric to publishers, colleges and esports orgs, giving them the ability to not only evaluate talent, but to better serve casual users through improved matchmaking and cheat detection.

“We want to go a level beyond your kill:death ratio,” said cofounder and CEO Dr. Wayne Mackey. “Those metrics greatly depend on factors like who you’re playing with. You won’t always be matched against players who are on an even keel with you. So we want to look at fundamental skills like hand-eye coordination, visual acuity, spatial processing skills, and working memory capacity.”

Klutch has partnered with the National Championship Series as the official FPS training partner for 2019. NCS has majors for both CS:GO and Overwatch, two of the biggest competitive FPS games in the world. The company is also partnering with top Twitch streamers and Masterclass to create The Academy.

Academy users will be able to get advanced tutorials from streamers like KingGeorge (Rainbow Six Siege), SypherPK (Fortnite), Valkia (Overwatch), Drift0r (CoD), and Launders (CS:GO).

Obviously, gaming is a major part of Statespace’s business model. But the skeleton of the technology has a number of different applications, particularly in medicine. Statespace is currently in the research phase of rolling out an Aim Lab product that is specifically focused on helping people who have had strokes recover and rehabilitate.

Statespace wants to use the funding to build out the team and expand the Klutch Aim Lab platform beyond Steam to mobile and eventually console, with Xbox prioritized over PlayStation, as well as launching the Academy.

Netflix signs multi-year deal with ‘Game of Thrones’ showrunners

David Benioff and D.B. Weiss, the creators and showrunners of HBO’s adaptation of “Game of Thrones,” have found a new home.

Netflix has signed a multi-year film and TV pact with the writer-producers; according to The Hollywood Reporter, the deal is worth $200 million. This follows expensive Netflix deals with other high-profile showrunners, including Ryan Murphy ($300 million) and Shonda Rhimes ($100 million).

Benioff and Weiss are a bit different, in that their reputation rests on a single show. But then, the Obamas didn’t have much of a TV résumé either — and of course, “Game of Thrones” is the hit show of the past decade, with record ratings for HBO and a record number of Emmy nominations for the final season. (Basically, no one in Hollywood is interested in your finale complaints.)

It will likely be several years before this deal actually leads to new content on Netflix, with Benioff and Weiss tied up writing and producing a trilogy of Star Wars movies for Disney. (The first is scheduled for release in 2022.)

On the other hand, this deal means we won’t be seeing the pair’s controversial HBO series about an alternate American history where slavery continues.