WWE Data Leak Exposes Personal Info Of Three Million Fans

Share

According to Forbes, Bob Dyachenko, from security firm Kromtech, told Forbes he'd uncovered a huge, unprotected WWE database containing information on more than 3 million users.

Diachenko said the data was stored on an Amazon Web Services S3 server that had no username or password protection and could be accessed by anyone who knew the web address to search.

It is not now known which particular branch of the WWE Corporation the database came from, but as social media tracking data was included there are suspicions it may belong to a marketing team, with evidence pointing towards the WWE Network. "In today's data-driven world, large companies store information on third party platforms, and unfortunately have been subject to similar vulnerabilities".

A second database - also on Amazon's service - contained information about European fans including addresses, telephone numbers and names.

More news: Vacation Bible School helps children learn valuable lessons in Yongsan
More news: Lexington Kmart to close by October; liquidation begins next week
More news: Trump urges West to 'defend our civilisation' in Warsaw speech

WWE says it has since taken down the databases, which were likely misconfigured by someone at the company or one of its partners. It is possible the users listed in the database are users of the subscription-based WWE Network video service, which boasts about two million subscribers. The data matches that found in the account details of customers belonging to the WWE Network, the wrestling company's subscription streaming service.

WWE has reportedly since locked down the data and said that it is working with "leading cyber security firms to proactively protect" customer data and future leaks.

On Thursday, WWE issued the news by filing an investigation to determine the "vulnerability of database" just right after sources reported the findings of the unprotected database that was indeed open to anyone who has the address. "As public cloud adoption rises, organizations must have configurations and controls tightly sealed on all fronts - their customer's sensitive personal data depends on it", he said.

Share