Redbox customers’ credit card numbers, private info stored in easily hacked kiosks
nypost.coma social media thread last week that she was able to hack an old Redbox machine in Morganton, North Carolina. She said she was able to uncover the customers’ name, ZIP code and usage history.
They had rented the films “The Giver” and “The Maze Runner” nine years prior to the hack. According to Foone Turing, the hard drives on the Redbox machine had the first 6 digits and last 4 digits of the credit card used, as well as other “lower-level transaction details.”Foone Turing told Ars Technica that it wasn’t a difficult task to find customer data on the machine belonging to the beloved movie rental kiosk.“The device has a lot of logs, and customer data was scattered throughout several of them—usually fragmentary, but it’s not too hard to cross reference them with other logs.
It’s not super straightforward to directly access the data,” she said. “Most of it is held in an old database format that’s not easy to manipulate, but anyone with basic hacking skills could easily pull data manually out of the files with a hex editor,” the programmer added.
Foone Turing explained that “the root issue” of the Redbox hacking situation “is that this is a machine that has to boot by itself, with no chance for a human to enter a decryption password or something.
Read more on nypost.com
