MoviePass’s operators invalidated subscriber passwords while falsely claiming to have detected “suspicious activity or potential fraud” on the accounts
MoviePass’s operators also failed to take reasonable steps to secure personal information it collected from subscribers, such as their names, email addresses, birth dates, credit card numbers, and geolocation information, the FTC alleges. For example, the company stored consumers’ personal data including financial information and email addresses in plain text and failed to impose restrictions on who could access personal data.