If you have rented from Redbox, your personal information may be at risk. A programmer recently revealed that all of those old Rebox machines store a trove of customer data, including names, email addresses, rental histories, partial credit card numbers, and even home addresses. This becomes a major issue as these devices are now being given away to almost anyone willing to take them away.
Foone Turing, a California-based programmer, accessed an unencrypted file from a Redbox kiosk hard drive, exposing transaction records dating back to at least 2015. The data, which appears to be from a machine in Morganton, North Carolina, included detailed information about thousands of rentals.
Although Redbox’s payment system connected to a secure server, the kiosks still stored sensitive financial information in a separate log file. Turing noted that the system likely only retained the last month of transaction logs.
The revelation raises concerns about the potential for misuse of this data, especially given that the kiosks are now largely abandoned. Following Redbox’s bankruptcy in July, its owner, Chicken Soup for the Soul, has made little effort to reclaim or wipe the data from its 24,000 machines scattered across the U.S.
Reports indicate that some individuals have been able to acquire these kiosks simply by asking store owners, raising the possibility of sensitive customer data falling into the wrong hands.
This situation highlights the importance of data security and the long-term implications of neglecting it. Even seemingly obsolete technology can pose significant privacy risks if not properly managed and disposed of.