Data breaches and hacks can not only affect and hurt the company it happens to but also its customers. In the case of the WWE there wasn’t an actual hack, instead, the personal information of 3 million users was in plain sight for anyone to see. Bob Dyachenko works for the security firm Kromtech and informed Forbes he had uncovered a massive unprotected WWE database and all of the data was stored in plain text. The information found on this server included addresses, educational background, earnings, and ethnicity.
WWE was using Amazon Web Services S3 servers and all of this information was being stored without a username or password protecting access. The data exposed also included emails, birthdays, and children’s ages and genders. According to Forbes World Wrestling Entertainment (owned by Vince McMahon) is investigating the data breach to see what exactly happened in this situation.
That wasn’t the only database WWE was leaking, Dyachenko added. It left another on Amazon’s hosting service that contained reams of information primarily on European fans, though the information contained only addresses, telephone numbers and names, a review of samples of the data revealed. According to one customer, who responded to Forbes’ inquiries trying to validate the leaked data, it was likely this database was from an online WWE store as “the network doesn’t require a mobile number.”
Soon after the discovery, the company did move the data and make it inaccessible, so the threat is no longer there. The company did provide a short statement to address the issue.
“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a potential vulnerability of a database housed on a third party platform,” a spokesperson from the wrestling giant said.
“In today’s data-driven world, large companies store information on third party platforms and unfortunately have been subject to similar vulnerabilities. WWE utilizes leading cybersecurity firms to proactively protect our customer data.”