It’s only been three months since the Redbox debacle, but the company’s familiar red kiosks could become a security nightmare as they’re sold off to the highest bidder.
According to Gizmodo, at least one owner of a discontinued DVD and Blu-ray dispenser has discovered a way to retrieve customers’ personal information from encrypted files on the machine. Those files contained one or more people’s preferences for the Trolls series. The database also contained sensitive data such as personal emails and home addresses.
On Mastodon, programmer Foun Turing, who calls himself a collector of strange things, said he decrypted encrypted files from Redbox machines and matched the information he found with real people.
The files Turing obtained came from a Redbox machine operating in Morganton, North Carolina. The information retrieved from the files included customers’ names, zip codes, and usage history. If you’re interested, try renting The Giver and The Maze Runner. I’m sure he’s grateful he decided not to buy Disney’s Lone Ranger reboot.
Turing told Rhopass that he was also able to obtain some of the credit card information of some customers. Turing didn’t have the entire log but noticed it still had “the first six and last four digits (numbers) of each credit card used, plus low-level transaction details.”
It also didn’t require a lot of hacking know-how to crack the machine. The code Redbox used to program its machines is “the kind of code you get when you hire 20 new employees who technically know C# but have never written software,” Turing wrote on Mastodon.
Now, here’s the kicker. It’s clear Redbox’s parent company, Chicken Soup for the Soul, didn’t do a great job of wiping down the machine before selling it off like an old shoe at a garage sale. There are more than 24,000 kiosks, and some customers can buy in-store and take home. Suddenly, paying a few extra bucks for Netflix doesn’t seem so bad now.
We reached out to Chicken Soup for the Soul for comment.
