It's only been three months since Redbox imploded, but the company's familiar red kiosks could become a security nightmare as they fall into the hands of the highest bidders.
reports that at least one owner of a defunct DVD and Blu-ray dispenser found a way to obtain private customer information from an encrypted file on the machine, which contained more than one person's penchant for the trolls franchise. The database also contained sensitive data such as personal emails and home addresses.
In Mastodonself-described programmer Foone Turing collector of rare thingsHe said he decrypted the encrypted files on a Redbox machine and compared the information he found with a real person.
The file he obtained came from a Redbox machine that had run in Morganton, North Carolina. The information he pulled from the file showed the customer's name, zip code, and usage history. If you're curious, they rented a copy of the giver and The maze runner. I bet that person is grateful they decided not to release a Disney copy. lone ranger reboot.
Turing said low pass He was even able to obtain some of the credit card information of some customers. Although there was not a complete record, he noted that he still had “the first six and last 4 (digits) of each credit card used, plus some lower-level transaction details.”
It also didn't take much hacking knowledge to crack the machines. The code Redbox used to program the machines is “the kind of code you get when you hire 20 new grads who technically know C# but none of them have (sic) written any software before,” Turing wrote in Mastodon.
Now here's the trick. It's clear that Redbox's parent company, Chicken Soup for the Soul, didn't do a great job cleaning the machines before selling them like old shoes at a garage sale. There are over 24,000 kiosks and some people even buy them in the store and take them home. Suddenly, paying a couple extra bucks for Netflix doesn't sound so bad right now.
We've reached out to Chicken Soup for the Soul for comment.
