WRESTLING COMPANY WWE has suffered a data breach that has exposed the personal information of 'more than three million' wrestling fans.
INQ has heard that the number of those affected is closer to 3.16 million, but this remains unconfirmed.
News of the breach comes via Forbes. Researcher Bob Dyachenko, from security company Kromtech, told the website that his eyebrows raised after uncovering a database that contained data on millions of users, including their home and email addresses, birth dates, educational background, ethnicity, earnings, children's age ranges, and genders.
Dyachenko said that this data, which was all stored in plain text and reportedly belongs to WWE's marketing department, was sitting on on an Amazon Web Services S3 server without username or password protection, which meant that anyone with access to the web address could access the leaked database.
Forbes says that an IT error was likely to blame for the leak, noting that "it's likely the database was misconfigured by WWE or an IT partner."
Dyachenko notified WWE about the leak on 4 July and the company immediately hit the killswitch and took down the database.
However, he also noted that another database on Amazon's hosting service contained European fans' data including names, telephone numbers and addresses, which is believed to have come from the WWE online store.
"Shortly after WWE was alerted to the leak by Dyachenko on July 4, the company moved swiftly to remove them from the web, making them inaccessible," WWE said in a statement.
"Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services, which has now been secured," the company said.
"WWE utilises leading cybersecurity firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information."
We don't know when it will all be fixed. µ
Some $150,000 in digital currency got swiped
Canadian scientists claim tech could dominate future tech
Alexa, play that 'Let It Go' song 30 times
Webstresser's admins were also arrested as part of major op