Data leaks and breaches are just part of modern life now, sadly.
The latest company to suffer such a fate is none other than World Wrestling Entertainment. Forbes have reported that over three million WWE customers have had their data made available online.
This wasn’t a hack, however – apparently it likely down to some sort IT error. It’s actually pretty complicated, so we’ll let Forbes explain:
Earlier this week, Bob Dyachenko, from security firm Kromtech, told Forbes he’d uncovered a huge, unprotected WWE database containing information on more than 3 million users, noting it was open to anyone who knew the web address to search. Looking at samples of the leaked information provided by Dyachenko, all data was stored in plain text.
The data – which also included home and email addresses, birthdates, as well as customers’ children’s age ranges and genders where supplied – was sitting on an Amazon Web Services S3 server without username or password protection, Dyachenko said. It’s likely the database was misconfigured by WWE or an IT partner as in other recent leaks on Amazon-hosted infrastructure. WWE said it was investigating.
It is important to stress that the article states that no credit card or password details were included – so if you are a WWE Network subscriber, or happen to buy a lot of Roman Reigns shirts, you don’t need to panic. They also confirmed that WWE are investigating the situation.
They did not however say if that would include Vince McMahon sending Brock Lesnar over to sort out whoever is responsible.