Forbes published an article yesterday revealing that over 3 million names, e-mails, addresses, phone numbers, and other information found on a WWE database online were leaked.
The database, hosted on Amazon’s AWS service, was stored in plain text and not password protected, allowing anyone who knows how to access certain URLs full access to the PII data. It was security firm Kromtech who uncovered the database vulnerability and managed to get a copy of the whole thing.
It’s not known from which department the database came from but Forbes said it included the same details for customers of the WWE Network. Another WWE database on the same Amazon hosting service contained info primarily on European fans, though the information contained only addresses, telephone numbers and names.
WWE issued a statement replying to Forbes’ story stating, “Although no credit card or password information was included, and therefore not at risk, WWE is investigating a potential vulnerability of a database housed on a third party platform. In today’s data-driven world, large companies store information on third party platforms, and unfortunately have been subject to similar vulnerabilities. WWE utilizes leading cybersecurity firms to proactively protect our customer data.”
You can read the full Forbes story here.