A data leak at World Wrestling Entertainment (WWE) has left the personal data of over three million fans exposed online and at risk of theft.
Security firm Krontech has revealed that one of its researchers discovered an unprotected database that contained a plethora of customer information, including home and email addresses, dates of birth, financial earnings and genders.
According to researcher Bob Dyachenko, the unencrypted database was stored on an AWS S3 server with no password protection, meaning it was able to be accessed by anyone who knew the web address.
Speaking to Forbes, Dyachenko suggested that the server was likely misconfigured by either WWE itself or an IT partner.
He added that, although it is unclear which branch of the WWE Corporation the database belongs to, the presence of social media tracking data suggests that it probably came from one of the organisation’s marketing teams.
“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured,” WWE said in a statement on its website.
“WWE utilises leading cyber security firms Smartronix and Praetorian to manage data infrastructure and cyber security and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information.”
WWE was informed of the leak on the 4th July and immediately took down the database, although it is unclear how long it was left open for public access.
A similar incident occurred in the US, when a contractor for the Republican party exposed the personal information on more than 198 million citizens after again failing to secure an AWS S3 server.
The WWE discovery also comes in the same week that the AA was roundly criticised for failing to notify more than 100,000 customers of a data breach that occurred in April which is believed to have included names, email addresses and some credit card information.
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…
