Three months have elapsed since Redbox’s collapse, but the red kiosks familiar to many may now pose a security threat as they are being sold to the highest bidders. Reports indicate that at least one individual who acquired a defunct DVD and Blu-ray dispenser was able to access customers’ private information from an encrypted file on the machine. This file contained not only viewing habits, such as preferences for the Trolls franchise, but also sensitive details like personal emails and home addresses.
On Mastodon, programmer Foone Turing, who describes herself as a “collector of weird things,” disclosed that she managed to decrypt files from a Redbox machine and matched the extracted information to a real person. The data she accessed came from a machine previously located in Morganton, North Carolina, revealing a customer’s name, ZIP code, and rental history, which included the titles “The Giver” and “The Maze Runner.”
Turing informed Lowpass about her capability to retrieve partial credit card information of some customers. Although full logs were not retrieved, she noted the presence of the “first six and the last four digits of each credit card used, plus some lower-level transaction details.”
The process of accessing the machines required minimal hacking skills. According to Turing, the programming code used by Redbox was of a basic standard, akin to what might be produced by a group of inexperienced programmers with limited practical experience.
It has become apparent that Redbox’s parent company, Chicken Soup for the Soul, may not have thoroughly erased the data from the machines before selling them, likening the sales to old items at a garage sale. With over 24,000 kiosks in circulation, some individuals have started acquiring these machines for personal use. This situation raises concerns about the comparative value of streaming services like Netflix. Efforts to obtain a comment from Chicken Soup for the Soul are ongoing.
