Why it matters: Following the company’s bankruptcy, thousands of derelict Redbox kiosks containing sensitive customer data are being sold off, creating a significant privacy threat for past customers. The easily accessible machines contain years of personal information, including names, addresses, and partial credit card numbers, leaving consumers vulnerable to identity theft.

The Security Nightmare: California programmer Foone Turing revealed that Redbox kiosks store customer data in poorly protected databases that can be accessed with basic hacking tools. The machines contain transaction histories, personal information, and credit card details dating back nearly a decade.

• Customer data scattered across multiple unsecured logs (Kioskmarketplace)
• Machines designed to boot without security verification

Consumer Risk: PCMag reports that with approximately 24,000 kiosks being liquidated, many are ending up in private hands through Facebook Marketplace and contractor sales. The machines’ vulnerable design means anyone with basic technical knowledge can access sensitive customer information.

• Names, addresses, and partial credit card numbers exposed (Engadget)
• Transaction histories dating back to 2015 are accessible

Legal Limbo: Due to Redbox’s bankruptcy, consumers have limited recourse for protecting their exposed data. The Electronic Frontier Foundation warns that holding the bankrupt company accountable will be challenging.

• Monitor credit reports for suspicious activity
• Report potential identity theft to authorities immediately