Hackers target kiosks to pilfer personal info

Redbox Automated Retail was a video rental and streaming company founded in 2002 and based in Illinois.

The company made a name for itself with automated DVD rental kiosks and was a rival to the video rental chain Blockbuster.

At its peak, Redbox had more than 43,000 kiosks around the U.S. with revenue of $1.97 billion.

However, as streaming services gained popularity, the company floundered and filed for bankruptcy in 2024.

But before the company swirled the bowl, their kiosks were hacked.

A California computer programmer hacked into a Redbox kiosk in North Carolina.

The hacker was able to uncover customers’ names, zip codes, emails, addresses, and usage history.

According to the hacker, “The device has a lot of logs, and customer data was scattered throughout several of them—usually fragmentary, but it’s not too hard to cross-reference them with other logs. It’s not super straightforward to directly access the data.”

In addition, the hacker found parts of customers’ credit card history stored on the Redbox hard drives.

These included the first six and last four digits of users’ credit card numbers.

The hacker said the problem with the Redbox machines is that they reboot themselves without the need for a human to enter a password or decryption key.
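As an added example (not from the original article or from Redbox), here is a short Python audit a kiosk operator could run over a machine's logs to find and redact the kinds of fragments described above: emails, ZIP codes, and first-six/last-four card numbers. The log names, line formats, and masking characters are constructed assumptions.

```python
import re
from collections import Counter

# Patterns for the data types the article says were recoverable from kiosk logs.
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    # Truncated card number: first six digits, mask characters (assumed), last four.
    "card_fragment": re.compile(r"\b\d{6}[*xX#]{2,9}\d{4}\b"),
    # ZIP codes only when a key names them, to avoid flagging arbitrary numbers.
    "zip": re.compile(r"(?i)\b(?:zip|postal)\w*[=:]\s*\d{5}(?:-\d{4})?\b"),
}

# Constructed sample input: file names and line formats are hypothetical.
SAMPLE_LOGS = {
    "rental.log": [
        "2024-01-05 10:02:11 rent title=1234 user=jane.doe@example.com",
        "2024-01-05 10:02:12 receipt queued",
    ],
    "payment.log": [
        "2024-01-05 10:02:10 auth ok card=411111******1111 zip=27601",
    ],
    "ui.log": [
        "2024-01-05 10:01:58 screen=checkout touch x=120 y=480",
    ],
}

def scan(logs):
    """Return {filename: Counter(kind -> hits)} for each log holding customer data."""
    report = {}
    for name, lines in logs.items():
        hits = Counter()
        for line in lines:
            for kind, rx in PATTERNS.items():
                hits[kind] += len(rx.findall(line))
        hits = +hits  # unary plus drops kinds with zero hits
        if hits:
            report[name] = hits
    return report

def redact(line):
    """Replace each match with a typed placeholder before the line reaches disk."""
    for kind, rx in PATTERNS.items():
        line = rx.sub(f"[REDACTED:{kind}]", line)
    return line

if __name__ == "__main__":
    for name, hits in scan(SAMPLE_LOGS).items():
        print(name, dict(hits))
    print(redact(SAMPLE_LOGS["payment.log"][0]))
```

Running `scan` on a retired or serviced kiosk's log directory shows which files need scrubbing, while calling `redact` in the logging path keeps the fragments from being written in the first place.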

These days, kiosks are popping up in many places.

They’re convenient for companies and customers alike, an easy way to complete a transaction.

But kiosks come with security and privacy risks.

In fact, here are some reasons you may want to avoid using kiosks at places like airports, hotels, etc.

Skimming:

As you probably know, when you pay for gas at the pump there is the risk of skimming devices on the card reader.

One year the state of Florida removed more than 5,000 skimming devices from gas stations.

These devices are everywhere, including on kiosks.

This means that using kiosks at airports, hotels, or anywhere else could expose your data.

This includes reservation details, credit card numbers, travel itineraries, and passport numbers.

Lack of updates:

Another issue with kiosks is that many companies set them up but don’t do regular maintenance.

And many companies use third-party vendors for kiosks, and these vendors may neglect to do security updates.

So, many kiosks use outdated software or operating systems, leaving them vulnerable to hackers.

This could make a kiosk less secure than dealing with a company representative using a secure computer.

Authentication:

When you use a kiosk, you typically provide your name, reservation number, or email address.

Trouble is, this information is not that hard to figure out, nor strong or thorough enough to securely identify the true user.

So, it wouldn’t be hard for a criminal to modify or cancel someone else’s reservation through a kiosk.

Additionally, some kiosks have USB ports that can be used to install software or access tools.

This is a major weakness because anyone with hacking programs or software could access the system, upload to it, and make trouble.

Shoulder surfing:

Shoulder surfing is a social engineering attack in which a person steals data by watching the screen or what the victim types.

The lines at kiosks can make it easy for a person standing close behind you to see your PINs or credentials being entered into the system.

Criminals will even try to distract people using kiosks so they can see their data.

Sometimes a criminal will use binoculars or even a smartphone to take pictures of what’s on the kiosk’s screen.

So, if you’re using a kiosk, make sure no one is standing too close to you, and try to block the screen and keypad when you type.

Additionally, if you’re using kiosks, avoid entering sensitive data.

And before using, check the machine to make sure there aren’t loose panels or strange devices connected to it.

Finally, always ensure that your session has logged out of the kiosk before walking away.

The bottom line is, using kiosks to check in is convenient but not secure, so it’s best to avoid them when possible.

Avoiding kiosks should be another phase of your comprehensive plan to secure your personal information in today’s increasingly online world.
