Redbox customers’ credit cards, private info hacked in kiosks
Redbox customers have been warned.
Old Redbox kiosks have been hacked to reveal customers’ credit card numbers and more of their private information, including their names, addresses and emails.
California-based programmer Foone Turing claimed in a social media thread last week that she was able to hack an old Redbox machine in Morganton, North Carolina.
She said she was able to uncover the customers’ name, ZIP code and usage history. They had rented the films “The Giver” and “The Maze Runner” nine years prior to the hack.
According to Foone Turing, the hard drives on the Redbox machine had the first 6 digits and last 4 digits of the credit card used, as well as other “lower-level transaction details.”
Foone Turing told Ars Technica that it wasn’t a difficult task to find customer data on the machine belonging to the beloved movie rental kiosk.
“The device has a lot of logs, and customer data was scattered throughout several of them—usually fragmentary, but it’s not too hard to cross reference them with other logs. It’s not super straightforward to directly access the data,” she said.
“Most of it is held in an old database format that’s not easy to manipulate, but anyone with basic hacking skills could easily pull data manually out of the files with a hex editor,” the programmer added.
Foone Turing explained that “the root issue” of the Redbox hacking situation “is that this is a machine that has to boot by itself, with no chance for a human to enter a decryption password or something. That means that the machine has to be able to decrypt itself.”
Redbox’s parent company, Chicken Soup for the Soul Entertainment (CSSE), filed for bankruptcy in July.
The Wall Street Journal reported at the time that Redbox’s 24,000 rental kiosks were closing as the company moved to liquidate its assets.
Judge Thomas Horan of the US Bankruptcy Court District of Delaware, who is overseeing the case, granted the company’s request to pursue the liquidation proceedings saying, “there is no means to continue to pay employees, to pay any bills.”
Redbox’s liquidation reportedly leaves all 1,033 of its employees jobless and the workers won’t receive any severance or extended benefits.
In its Chapter 11 reorganization filings on June 28, CSSE listed $970 million in total debts and consolidated assets of $414 million from March 31, 2024, Variety reported.
The company still owes money to Walmart and Walgreens — stores where some of its kiosks were located — and media companies including Warner Bros. Home Entertainment and Sony Pictures Television.
Redbox was founded in 2002 and was the rival video store of Blockbuster, which has only one franchise store left in the United States.