Did You Trade Your Data for a DVD Rental?

In June of this year, publisher Chicken Soup for the Soul Entertainment, best known for its book series of the same name, filed for Chapter 7 and Chapter 11 bankruptcy and had many of its assets liquidated. One of these assets was the movie rental service Redbox and its eponymous scarlet rental kiosks, rendering the service defunct.

However, many kiosks remain standing outside businesses even now, which makes us wonder… what about all the data they collected while they were in use?

Yes, the Self-Serve Movie Rental Kiosks Could Potentially Put Your Data at Risk

You’re likely familiar with Redbox, with at least knowledge of them if not first-hand experience. These kiosks were once commonly found at gas stations, grocery stores, pharmacies, and other public places, and allowed customers to rent DVDs and Blu-ray discs. All one had to do was provide a credit card to sign out a movie, and the service would charge them per day until it was deposited back into one of these kiosks.

While Redbox would attempt to follow other content services into streaming as the new delivery method became widespread, these developments ultimately left the business in the past.

However, many red kiosks remain “in the wild” even now, burdening some businesses that hosted the service with clunky machines that serve no purpose. Some hobbyists have taken on the kiosks, entertaining themselves by tinkering with them. One such hobbyist enabled the Doom video game to play on one of them.

This is all in good fun… but what if we swap out the hobbyist for a hacker?

These Kiosks Still Hold a Substantial Amount of Data

Foone Turing, a programmer, used a hard drive image (which is effectively a compressed copy of a hard drive) to look into a kiosk’s inner workings.

What she found was not good.

Turing pulled a ton of data—including a lot of personally identifiable information—from the image. This data included:

  • All email addresses and zip codes that had ever rented a disc
  • All discs each email address had rented and when they had done so
  • Partially hidden credit card numbers (Turing gave the example 1234 56## #### 7890)

So, if you think about your nearest Redbox—perhaps one you used yourself—and how easy it would be to obtain that kiosk from a business that just wants to get rid of it, it should make you worry a little.

What Can We Take Away from This?

First, we all need to be more aware of what data we share and with whom. The unfortunate truth is that we have no guarantee of how secure a company is keeping its data or where it is stored. Redbox had this data sitting in minimally protected hard drives, just hanging out in public places. There’s no guarantee that any other business is being more diligent. We must strictly evaluate what we share with businesses and whether doing so is necessary.

Second, there is a cybersecurity threshold that businesses need to meet to maintain the trust of their clientele and protect themselves and their operations from impending threats.

At White Mountain IT Services, we help New Hampshire businesses accomplish both, ensuring that they maintain proper data handling and are sufficiently secured against threats. Call (603) 889-0800 to learn more about how we can help you.

White Mountain IT

Related Posts

Fake Tech Support Scams Target Your Business’ Lack of Organizational IT Knowledge

All businesses need a little IT assistance from time to time, whether it’s for a simple hiccup some software or a full-blown technology emergency. Cybercriminals will often pose as IT support in attempts to capture this low-hanging fruit. Your employees should know how to spot the following warning signs from a fraudulent tech support squad. Keep in mind: these tips are helpful whether you have...

Don't Get Hooked: Spotting Phishing Emails Before They Reel You In

From the classic Nigerian Prince emails to the cleverly crafted fake invoice, malicious digital correspondence is a constant threat to a business. It's not just about losing a few bucks, either. A successful phishing attack can cripple your operations, compromise sensitive data, and even lead to your company's demise. So, how do you spot these digital dangers? Here are some of the most obvious ...

Why You Absolutely Need to Build a Solid DR Strategy

Imagine waking up one day to find your phone wiped clean with no contacts, no photos, and no messages. Now, picture this happening to an entire business, where all their files, data, and systems are gone. Scary, right? That’s why businesses need a Disaster Recovery (DR) system. It helps them bounce back when things go wrong. Here’s how to build one. Have a Hierarchy of What Needs to Be Secured ...

Maintaining Data Security Is the Most Important Tip We Can Give You

Tips are great as long as they actually work. Business owners need more technology tips than just about anything else, whether that is app-specific or general care of technology. We try to do our best to provide useful tips a couple of times a month, but this week we wanted to focus on what is probably the most important tip we can provide. The most important tip for business computing is to pr...