Unprotected AWS server lets anyone get up close and personal with WWE customer data
A data leak at World Wrestling Entertainment (WWE) has left the personal data of over three million fans exposed online and at risk of theft.
Security firm Krontech has revealed that one of its researchers discovered an unprotected database that contained a plethora of customer information, including home and email addresses, dates of birth, financial earnings and genders.
According to researcher Bob Dyachenko, the unencrypted database was stored on an AWS S3 server with no password protection, meaning it was able to be accessed by anyone who knew the web address.
Speaking to Forbes, Dyachenko suggested that the server was likely misconfigured by either WWE itself or an IT partner.
He added that, although it is unclear which branch of the WWE Corporation the database belongs to, the presence of social media tracking data suggests that it probably came from one of the organisation’s marketing teams.