Recurring |
one_organization |
(a) The software failure incident of leaving customers' card numbers and credit card details exposed due to failing to password protect a database has happened again at MoviePass. The incident mentioned in the article is not the first time MoviePass has faced issues related to data security and customer information exposure. MoviePass had previously faced criticism for reactivating accounts without consent, surge pricing, service outages, changing passwords to prevent ticket orders, altering terms of service, and combating fraud by requiring ticket-stub photos [89060].
(b) There is no specific mention in the article about similar incidents happening at other organizations or with their products and services. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase: The incident where MoviePass left customers' card numbers and credit card details exposed was due to a failure in design. The database was not password protected, leading to the exposure of more than 160 million records [89060].
(b) The software failure incident related to the operation phase: The incident where MoviePass reactivated accounts and changed passwords to prevent users from ordering tickets can be attributed to a failure in operation. These actions taken by MoviePass in the operation of their service led to criticism and negative user experiences [89060]. |
Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident reported in the article is primarily attributed to factors originating from within the system. MoviePass reportedly left customers' card numbers and credit card details exposed after failing to password protect a database [89060]. The incident involved the mishandling of sensitive data within the system, indicating an internal failure rather than an external attack or influence. Additionally, the article mentions that MoviePass took immediate action to secure its systems, suggesting that the root cause of the failure was within the organization's control. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in the MoviePass case was primarily due to non-human actions. Specifically, the incident occurred because MoviePass reportedly left customers' card numbers and credit card details exposed after failing to password protect a database. This failure to secure the database led to tens of thousands of users being affected [89060].
(b) Human actions also played a role in the software failure incident. For example, MoviePass faced criticism for reactivating accounts without consent, implementing surge pricing, experiencing temporary service outages due to insufficient funding, and changing passwords to prevent users from ordering tickets. These actions taken by MoviePass management contributed to the overall negative user experience and operational challenges faced by the company [89060]. |
Dimension (Hardware/Software) |
software |
(a) The software failure incident related to hardware:
- The software failure incident reported in Article 89060 was not directly attributed to hardware issues. Instead, it was due to MoviePass failing to password protect a database, leading to the exposure of customers' card numbers and credit card details [89060].
(b) The software failure incident related to software:
- The software failure incident reported in Article 89060 was primarily due to a software issue where MoviePass failed to password protect a database, resulting in the exposure of sensitive customer information [89060]. |
Objective (Malicious/Non-malicious) |
non-malicious |
(a) The software failure incident in the MoviePass case was non-malicious. The incident occurred because MoviePass reportedly left customers' card numbers and credit card details exposed after failing to password protect a database. This was a result of negligence or oversight rather than intentional harm [89060]. |
Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The software failure incident related to MoviePass leaving customers' card numbers and credit card details exposed due to failing to password protect a database can be attributed to poor decisions made by the company. This failure was a result of the poor decision to leave more than 160 million records unencrypted in the database, which was discovered by cybersecurity company SpiderSilk [89060]. Additionally, the incident reflects a series of poor decisions made by MoviePass in the past, such as reactivating accounts without consent, surge pricing, service outages, changing passwords without user consent, altering terms of service, and inconsistent pricing strategies [89060]. |
Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident related to development incompetence is evident in the MoviePass case where tens of thousands of users were affected due to the company failing to password protect a database, leaving customers' card numbers and credit card details exposed [89060]. Additionally, the report mentioned that more than 160 million records were left unencrypted, indicating a lack of professional competence in handling sensitive data securely.
(b) The accidental aspect of the software failure incident is highlighted by MoviePass immediately securing its systems to prevent further exposure after the incident was discovered [89060]. This quick response suggests that the exposure of customer data was not intentional but rather a result of oversight or negligence. |
Duration |
temporary |
The software failure incident reported in Article 89060 regarding MoviePass leaving customers' card numbers and credit card details exposed due to failing to password protect a database can be categorized as a temporary failure. This is evident from the fact that MoviePass immediately secured its systems to prevent further exposure after the incident was discovered [89060]. Additionally, the article mentions that MoviePass was working diligently to investigate the scope of the incident and planned to promptly notify affected subscribers and appropriate regulators or law enforcement once they gained a full understanding of the situation [89060]. These actions indicate that the failure was not permanent but rather a temporary issue that was addressed promptly after being identified. |
Behaviour |
omission, value |
(a) crash: The article does not mention a specific instance of the system losing state and not performing any of its intended functions.
(b) omission: The incident reported in the article involves a failure to password protect a database, leading to the exposure of customers' card numbers and credit card details. This omission to protect sensitive information can be categorized as an omission failure [89060].
(c) timing: The article does not mention a specific instance of the system performing its intended functions too late or too early.
(d) value: The incident involves the system performing its intended functions incorrectly by failing to encrypt more than 160 million records, leaving them exposed. This can be categorized as a value failure [89060].
(e) byzantine: The article does not mention a specific instance of the system behaving erroneously with inconsistent responses and interactions.
(f) other: The article does not provide information on a specific behavior that falls outside the categories of crash, omission, timing, or byzantine failures. |