WWE recently had to deal with a public relations nightmare and it still might be ongoing. Bob Dyachenko from the security firm Kromtech told Forbes that he found an unsecured server on Amazon’s web service 3s that contained 3 million WWE fans’ personal information.
This information was in plain text and available for anyone who wanted to find it. It is unknown how long this information has been up or who put it there but the idea is that it came from one of WWE’s many marketing teams.
The information available on this unsecured server contained the same kind of information someone would put in the account information section on their WWE Network account. The most chilling part is nobody needed a username or password to access it.
WWE immediately had the information taken down so it is no longer a threat, but it might be impossible to unring the bell in this instance. This is not a good thing and could become a real black eye if things like this continue to happen. Needless to say, fans don’t need a reason not to trust the pro wrestling superpower.
There was also some international fan information found on a different server but this information contained mobile telephone numbers. The thinking is that this information might have been gathered from WWE’s online store because WWE Network doesn’t collect mobile telephone numbers.
WWE was quick to act on this and released the following statement on the matter:
“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured. WWE utilizes leading cybersecurity firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information”
