A potential WWE database breach was covered by Thomas Fox-Brewster of Forbes.com on Thursday noting an IT error left personal information open about wrestling fans on file including “addresses, educational background, earnings and ethnicity.”
Bob Dyachenko of security firm Kromtech revealed to Forbes that he had uncovered a “huge, unprotected WWE database containing information on more than 3 million users, noting it was open to anyone who knew the web address to search.”
The data was reportedly sitting on an Amazon Web Services S3 server without username or password protection. The article speculated that the database may have been misconfigured by WWE or an IT partner on Amazon’s hosted infrastructure.
In response, WWE issued the following statement today to PWInsider.com:
“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured. WWE utilizes leading cybersecurity firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information.”