A security researcher from Kromtech (owned by Forbes) named Bob Dyachenko discovered a WWE database on one of Amazon’s web servers (AWS) that was not password protected and was thus available for viewing and/or downloading by anyone who knew the address.
The database contained physical addresses, names and gender information.
The database was secured shortly after the company was notified of the vulnerability, and the company released the following statement:
“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured. WWE utilizes leading cybersecurity firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix, and Praetorian to ensure the ongoing security of our customer information.”
Kudos to WWE for responding quickly and professionally to the issue. Having said that, we’re seeing an increasing number of companies that have these types of issues go on record and, as part of their statement to the public, still sing the praises of their cybersecurity.
While we understand the desire, and are quick to acknowledge that it does help to soothe the public’s fears about the exposure, it should also be pointed out that their security was clearly lacking, or they wouldn’t have had to respond to such an issue to begin with. Sooner or later this tactic is bound to backfire, but the company can’t be blamed for getting what mileage it can out of it.
Nonetheless, this represents yet another high-profile data security issue this year that impacts millions of users, and if you’re a fan of the WWE, be advised that at least some of your personal information may have been compromised.