UPDATE: WWE has sent a full response on the matter: “Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured. WWE utilizes leading cybersecurity firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information.”
ORIGINAL:
It’s great to be able to trust someone, especially if it’s a company that you love and devote so much of your life to like WWE. According to a recent article from Forbes 3 million WWE fans might have had their information available on unsecured servers just waiting to be taken by anyone who found them. This information included addresses, educational background, earnings, and ethnicity.
Bob Dyachenko from a security firm called Kromtech told Forbes he found this huge treasure trove of identifying information in plain text form on an Amazon’s Web Service S3. This information had no username or password protection either which meant anyone who had any inkling of malicious intent could have used this information however they saw fit.
While it is not known what branch of WWE dropped the ball and left all of this personal information just sitting out for anyone to find on the side streets of the information superhighway it is believed it might have been one of WWE’s many marketing teams. It was noted the kind of information leaked contained the same personal details customers of WWE Network would put in the account details section of their WWE Network account. So if you filled out your WWE Network account information with a bunch of false information you can probably rest a little bit easier.
Needless to say, this is not the kind of black eye WWE needs especially considering its close relationship to the WWE Network. The idea is to give subscribers a reason to keep their subscriptions and not have fear of their private information leaking. Even though it might be impossible to put the toothpaste back in the tube in this situation, you can rest assure WWE is on top of it.
Information from WWE’s European fans were was also found on a separate Amazon server. Forbes says this European information might have been leaked from WWE’s store as the WWE Network doesn’t require a mobile telephone number.
WWE issued a statement regarding the situation and said, “although no credit card or password information was included, and therefore not at risk, WWE is investigating a potential vulnerability of a database housed on a third party platform.”
WWE said they didn’t know where the information came from or how long it had been on Amazon’s servers. WWE also said they are working with a leading cyber-security firm to determine the cause of the leak. All information found on these servers was immediately removed from the web making them impossible to recover.