WWE data breach: Over 3 million fans' personal data exposed in massive leak
The company acknowledged the breach in a statement on its website.
WWE said it is currently investigating a "vulnerability of database" after a security firm revealed it had discovered a massive, unprotected database containing the data of over 3 million users.
Researcher Bob Dyachenko, from security company Kromtech, told Forbes that he had uncovered a database that contained millions of users' data, including their home and email addresses, birth dates, educational background, ethnicity, earnings, children's age ranges, and genders.
Dyachenko noted that anyone who knew which web address to search could access the leaked database, stored in plain text, on an Amazon Web Services S3 server without username or password protection.
The researcher said it was not immediately clear which branch of the WWE Corporation the database originated from. However, he suspects it could have come from one of the company's marketing teams since it included troves of social media tracking data including posts from both the WWE stars and fans.
After Dyachenko notified WWE about the leak on 4 July, the company immediately took down the database. However, he also noted that another database on Amazon's hosting service contained European fans' data including names, telephone numbers and addresses.
WWE acknowledged the breach in a statement posted on the company's website on Thursday and said it is working with Amazon Web Services and security firms Smartronix and Praetorian to investigate the issue.
"Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services, which has now been secured," the company said.
"WWE utilizes leading cybersecurity firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information."
The company did not specify when the database was leaked or who may be responsible for the breach. IBTimes UK has reached out to Kromtech and WWE for comment.
© Copyright IBTimes 2024. All rights reserved.