There has been a security breach that exposed some information about WWE fans, with upwards of 3 million users having their names exposed to whoever had access to the web address. The details of the leak are filled with technical jargon that can be a bit difficult to parse, but it’s obviously a very bad thing that this information has gotten out there.
The leak was first reported in a new article from Thomas Fox-Brewster of Forbes:
Earlier this week, Bob Dyachenko, from security firm Kromtech, told Forbes he’d uncovered a huge, unprotected WWE database containing information on more than 3 million users, noting it was open to anyone who knew the web address to search. Looking at samples of the leaked information provided by Dyachenko, all data was stored in plain text.
The data – which also included home and email addresses, birthdates, as well as customers’ children’s age ranges and genders where supplied – was sitting on an Amazon Web Services S3 server without username or password protection, Dyachenko said. It’s likely the database was misconfigured by WWE or an IT partner as in other recent leaks on Amazon-hosted infrastructure. WWE said it was investigating.
WWE commented on the security breach with this comment sent to Forbes in the same article:
“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a potential vulnerability of a database housed on a third party platform. In today’s data-driven world, large companies store information on third party platforms, and unfortunately have been subject to similar vulnerabilities. WWE utilizes leading cybersecurity firms to proactively protect our customer data.”
The story also noted that WWE was working with a leading cyber-security firm to try to find out the cause of the leak.
At this point, there isn’t much that fans can actually do about the leak. When customers provide info to major companies like WWE, they put their trust in them to keep that information private, and this sure doesn’t look good for WWE from a PR standpoint. By having this security breach, it’s possible that this info got in the hands of criminals. I think WWE will handle it as best they can, and hopefully nothing too serious comes as a result of this.
If there’s anything new that comes out of this we’ll update, but for now don’t freak out too much. Listen to “Great Balls of Fire” on repeat like Vince McMahon does, and you’ll feel better.