Computerware Blog
That Barbie Blu-Ray You Rented Could Cost You Your Data
In June, Chicken Soup for the Soul Entertainment—publisher of the eponymous Chicken Soup for the Soul book series—officially filed for Chapter 7 and then Chapter 11 bankruptcy, spurring the liquidation of many of its assets. Many may not realize that these assets include Redbox, the movie rental service, with its 24,000 distinctive scarlet kiosks.
What we’re concerned about, however, is what will become of these kiosks and, critically, the data they contain.
Why Are Redbox Kiosks a Data Risk?
As you likely know, Redbox kiosks were self-service movie rental stations that were once common outside gas stations, pharmacies, and grocery stores. They offered an assortment of DVD and Blu-ray discs for rental. One would sign out a disc and be charged based on how long it was in their possession, depositing it when they were finished using it.
The rise of streaming services would prove to be the end for Redbox, despite the brand’s attempts to embrace the new delivery method through its own application.
However, the famous red boxes of Redbox have not all been removed from their publicly accessible places, leaving many host locations with cumbersome vending machines. Furthermore, hobbyists can get ahold of the old kiosks—one such hobbyist managed to run the video game Doom on one—meaning hackers can get their hands on one, too.
The Problem: These Kiosks Have a Lot of Data in Them
Programmer Foone Turing took it upon herself to crack into a hard drive image (basically, a compressed copy of the hard drive) of an old machine.
By doing so, Turing was able to extract a ton of data, which contained a ton of personally identifiable information. For instance:
- All email addresses and zip codes that had ever rented a disc
- The discs each email address had rented, and when
- Partially hidden credit card numbers (Turing’s example: 1234 56## #### 7890)
So, when you factor in how prevalent these media relics still are today and how easy it is for people to get their hands on kiosks that have been effectively abandoned, the picture is concerning.
The Big-Picture Messages
First and foremost, we all need to be more discerning about sharing our data. We never know how diligent a company is about securing it or even where it is being stored. Let’s face it: Redbox had hard drives with minimal protection sitting in publicly accessible kiosks for years. Who’s to say what another business is doing with the data we provide to them? We must consider how much we share and whether or not it is necessary.
Second, businesses need to meet a certain threshold of cybersecurity these days—not only to maintain trust amongst their customer base, but also to ensure they are protected from various threats that can harm their actual operations.
Computerware can help Northern Virginia, Maryland and Washington DC businesses with both, taking responsibility for reinforcing proper data handling practices and maintaining the necessary cybersecurity protections. Give us a call at (703) 821-8200 to learn more.
Comments