WWE has posted that they are investigating vulnerability in which an unsecured database of more than 3 million customers details was leaked on AWS.The vulnerability was discovered by Bob Dyachenko from Kromtech.
“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured. WWE utilizes leading cybersecurity firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information.”
According to Forbes, The leaked database data included home and email addresses, birthdates, as well as customers’ children’s age ranges and genders. The database was sitting on an Amazon Web Services S3 server without any type of authentication.
Bob Dyachenko said:
“It’s likely the database was misconfigured by WWE or an IT partner as in other recent leaks on Amazon-hosted infrastructure.”
Bob also told Forbes that anyone who knows the URL can download database without any authentication.
Actually, this has happened before, it’s not the first time that an unprotected database was found hosted on Amazon with no authentication.