MoviePass Operators Settle Data Security Allegations

Written by

The operators of subscription service MoviePass have agreed to settle Federal Trade Commission allegations of fraud and data security failures. 

It is alleged that MoviePass used an elaborate three-prong approach to prevent and discourage subscribers from using its $9.95 "one movie a day" monthly subscription service as advertised.

First, according to the FTC complaint, the company blocked as many as 75,000 subscribers from accessing content by purposefully invalidating their passwords. 

The FTC said: "MoviePass’s operators invalidated subscriber passwords while falsely claiming to have detected 'suspicious activity or potential fraud' on the accounts. MoviePass's operators did this even though some of its own executives raised questions about the scheme."

Their next alleged tactic was to create a time-sensitive ticket verification program that discouraged thousands of subscribers from using the service. 

"This program required subscribers to take and submit pictures of their physical movie ticket stubs for approval through the MoviePass app within a certain timeframe," said the FTC.

"Subscribers who failed to submit their tickets could not view future movies and could have their subscriptions canceled if they failed to verify their tickets more than once."

Finally, MoviePass’s operators allegedly set “trip wires” to block set groups of subscribers from using the service after they collectively hit certain thresholds based on their monthly cost to the company. The FTC alleges that this tactic was used against subscribers who typically watched three or more movies per month.

The operators of the now defunct app were further accused of storing the personal information it collected from subscribers in plain text and allowing unrestricted access to customers' names, email addresses, birth dates, credit card numbers, and geolocation information.

In August 2019, MoviePass confirmed that it suffered a data breach that may have exposed customer credit card numbers.

MoviePass Inc., which was founded in 2011 and headquartered in New York City,  shuttered its mobile ticketing service in 2019. In January 2020, its parent company Helios and Matheson Analytics, Inc., filed for bankruptcy

Under the proposed settlement, MoviePass, Helios, former MoviePass CEO Mitchell Lowe, and former Helios CEO Theodore Farnsworth will be barred from misrepresenting their business and data security practices.

The order also states that any businesses controlled by MoviePass, Helios, or Lowe must implement comprehensive information security programs.

What’s hot on Infosecurity Magazine?