Forbes.com has released a new report claiming a massive WWE leak has exposed 3 million fan addresses and ethnicities.
The report notes Bob Dyachenko, from security firm Kromtech, told Forbes he’d uncovered a huge, unprotected WWE database containing information on more than 3 million users, noting it was open to anyone who knew the web address to search. Looking at samples of the leaked information provided by Dyachenko, all data was stored in plain text.
The data – which also included home and email addresses, birthdates, as well as customers’ children’s age ranges and genders where supplied – was sitting on an Amazon Web Services S3 server without username or password protection, Dyachenko said. It’s likely the database was misconfigured by WWE or an IT partner as in other recent leaks on Amazon-hosted infrastructure. WWE said it was investigating and has also sent the following statement to WZ:
“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured. WWE utilizes leading cybersecurity firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information.”