View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

WWE wrestles with major data leak

The data was found on an AWS S3 server with no access controls or security policies.

By Ellie Burns

The personal information of over three million WWE fans may be at risk following a major data leak which was revealed earlier this week.

According to reports by Forbes, an unprotected WWE database containing the information of three million users was left open to anyone knowing the web address to search.

READ MORE: Top 5 worst data breaches to hit the UK

The data base was uncovered by Bob Dyachenko, from security firm Kromtech, who revealed that the data included home and email addresses, birthdays, ages of customers and their children, genders and ethnicities. The data, reportedly stored in plain text, was found on an AWS S3 server with no access controls or security policies.

“This incident serves to highlight the shared responsibility model of the cloud and reinforces the fact that while cloud applications themselves can be secure, it is up to enterprises to use the applications securely,” said Anurag Kahol, CTO at Bitglass

“In relation to this specific case, there are technologies available today that could have quickly, easily and cost effectively encrypted the sensitive customer PII, en route to the cloud. This would ensure that even after unauthorised access, the data would have been protected.”

The WWE has been quick to reassure fans that no credit card or password information was included in the data leak, with the professional wrestling giant saying in a statement:

“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

“WWE utilizes leading cybersecurity firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information.”

The WWE was told about the leak by Dyachenko on July 4th, with the data base in question then moved so that it was no longer accessible.

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.