It’s being reported that WWE has suffered a massive data breach, possibly revealing upwards of 3 million users’ information including names, addresses, earnings, educational background, and ethnicity. The breach was discovered earlier this week and reported to the company. The company immediately took action to secure the databases, which were open to anyone on the web who knew where to look.
Bob Dyachenko, who works for security firm Kromtech, discovered the unprotected databases which were sitting on an Amazon Web Services S3 server without username or password protection. The data was stored in plain text and included home and email addresses, birthdates, and customers’ children’s age ranges and genders. WWE is said to be investigating the issue, saying:
“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a potential vulnerability of a database housed on a third party platform. In today’s data-driven world, large companies store information on third party platforms, and unfortunately have been subject to similar vulnerabilities. WWE utilizes leading cybersecurity firms to proactively protect our customer data.”
In a more detailed statement, the company had the following to say on the data breach:
“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured. WWE utilizes leading cybersecurity firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information.”
There was another database found on Amazon’s hosting service of information primarily on European fans, though the information contained only addresses, telephone numbers and names. It is unclear at this time whether that database is still unprotected.