Forbes revealed today that an IT error left uncovered a huge, unprotected WWE database containing information on more than 3 million users, noting it was open to anyone who knew the web address to search. The information was revealed by Bob Dyachenko from security firm Kromtech.
The data concerned include home and email addresses, birthdates, educational background, earnings, ethnicity and customers’ children’s age ranges and genders. Dyachenko claims the database may have been misconfigured by WWE or an IT partner. He alerted WWE on Tuesday about the situation and WWE quickly made this data inaccessible.
The WWE Corporation branch concerned is still unknown but one of the marketing teams is suspected by Dyachenko, as social media tracking data (posts from Superstars and fans) accompanied the data leaked. WWE Network or online store customers could be concerned. The type of information leaked is given voluntarily by fans while creating their WWE Network profile.
WWE is investigating and released the following statement to reassure his customers. “Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured.” The company is working with “a leading cybersecurity firm” to determine the cause of the leak.