Forbes published a story today stating that Bob Dyachenko, from security firm Kromtech, uncovered a WWE database that was unprotected that contained the personal information of over 3 million users. Anyone who had the URL would have been able to search the data, which included birth-dates, ages, email addresses, ethnicity, educational background, earnings and even customers’ children’s age ranges and genders. The data was stored in plain text.
Another WWE database was also leaking on Amazon’s hosting service that contained addresses, telephone numbers and names of European fans. It was noted that this database may have been from an online WWE store as “the network doesn’t require a mobile number.”
WWE was alerted about the leak by Dyachenko on July 4th, and they moved the database so it is no longer accessible.
WWE issued the following statement regarding the report:
“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured. WWE utilizes leading cybersecurity firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information.”