The breach was discovered by Mossab Hussein, a security researcher at SpiderSilk, a cybersecurity firm in Dubai, the report states. Hussein confirmed to the CNN Business database he found contained millions of listings, some of which had sensitive data such as MoviePass customer card numbers.
MoviePass customers are issued cards that act as debit cards. Customers pay a monthly subscription fee to watch a maximum of one movie per day. MoviePass charges the entire cost of a movie on the card, and the cash amount can then be used to pay for movies at the cinemas.
Hussein told CNN Business that when the data was discovered, he emailed MoviePass CEO Mitch Lowe to report it. When he didn't hear back after a few days, Hussein reached out to TechCrunch.
"We believe the average customer should have the right to know about such events ASAP, and as transparent as possible," Hussein said.
MoviePass said it will continue to disclose information about the incident.