WWE Leak Unmasks Smackdown Of Personal Data For Over 3 Million Wrestling Fans
World Wrestling Entertainment (WWE) has received a black eye for an embarrassing data leak that could have (and should have) been avoided. It was not, however, and as a result personally identifiable information and other private details belonging to over 3 million WWE fans was sitting online unprotected and visible without a password to anyone who knew where to look.
The lax security was discovered Bob Dyachenko from security Kromtech. In order to view all of that information, all a person had to do was direct their web browser to the appropriate website. Apparently the data was stored in plain text. Information on an Amazon Web Services S3 server, including names, physical addresses, email addresses, earnings, ethnicity, genders, birthdates,and even the ages of any children customers might have (where supplied).
One of the customers affected believes the database containing the leaked info might be tied to the WWE Shop
In attempting to validate the data, Forbes heard from one of the customers affected by the leak that the database was probably from an online WWE store since "the network doesn't require a mobile number." Whether or not that is the case, WWE insists that no payment information was compromised.
"Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured," WWE said in a statement.
Dyachenko believes the information belonged to one of WWE's many marketing teams, as it included a wealth of social media tracking data, such as posts from both superstars and fans. The leaked data is also the same kind that customers of the WWE Network are asked to provide when subscribing to the video streaming service.
Thumbnail Image Source: Flickr (Miguel Discart)
The lax security was discovered Bob Dyachenko from security Kromtech. In order to view all of that information, all a person had to do was direct their web browser to the appropriate website. Apparently the data was stored in plain text. Information on an Amazon Web Services S3 server, including names, physical addresses, email addresses, earnings, ethnicity, genders, birthdates,and even the ages of any children customers might have (where supplied).
One of the customers affected believes the database containing the leaked info might be tied to the WWE Shop
In attempting to validate the data, Forbes heard from one of the customers affected by the leak that the database was probably from an online WWE store since "the network doesn't require a mobile number." Whether or not that is the case, WWE insists that no payment information was compromised.
"Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured," WWE said in a statement.
Dyachenko believes the information belonged to one of WWE's many marketing teams, as it included a wealth of social media tracking data, such as posts from both superstars and fans. The leaked data is also the same kind that customers of the WWE Network are asked to provide when subscribing to the video streaming service.
Thumbnail Image Source: Flickr (Miguel Discart)
