Last week, reports from customers on Complain here reported that their emails and CPFs had been exchanged on the Cinemark app, a widely known cinema chain.
The company has now confirmed that some customer accounts were hacked and that the vulnerability that allowed these hacks had been present since April this year.
This news raises serious concerns about the security of users’ personal data and the protective measures adopted by Cinemark. The information is from Technoblog. See more details below.
Image: Yandex/Reproduction
Vulnerability exposed
Customers affected by the invasion reported that both their emails and CPFs were changed in the company’s application. This not only made it difficult to recover their accounts, but raised concerns about the security of their personal data.
The lack of email notifications about changes to user accounts may have contributed to the success of the intrusions.
In turn, the Cinemark did not explain in detail the vulnerability that was exploited in April, but everything indicates that the absence of a verification step in the email exchange request may have been the loophole used by the attackers.
Additionally, Cinemark sent an email to affected customers informing them that the vulnerability has been fixed and that accounts identified as compromised have been suspended.
The company also reported the incident to the National Data Protection Agency (ANPD) and is working to communicate and resolve the issue with affected data subjects.
However, Cinemark states that it has not noticed any significant impact resulting from this event.
Security recommendations
In the midst of this situation, Cinemark recommends that all users remain vigilant and be aware of possible scams, such as phishing and suspicious calls.
These are methods often used by cybercriminals to steal personal data. Although the company does not believe there will be serious consequences as a result of the hack, it advises its customers to check their credit cards for unrecognized purchases, especially tickets to its cinemas.
The admission of Cinemark about the hacking of its customers’ accounts reveals the importance of personal data security in an increasingly digital world.
While the company has taken steps to patch the vulnerability and protect affected accounts, this news serves as a reminder that organizations must be proactive in protecting user information.
Additionally, users should also be aware of cyber threats and take steps to protect their own information.
At a time when privacy and data security are at the forefront of concerns, cases like this highlight the continued need for vigilance and improvement of cybersecurity practices in all organizations that handle sensitive customer information.
