WWE (World Wrestling Entertainment) has published that it’s investigating a vulnerability in which an unsecure database of more than 3 million customers exposed on AWS was discovered by a security researcher (Bob Dyachenko) from Kromtech (cyber security firm).
WWE said:
“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured. WWE utilizes leading cybersecurity firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information.”
According to Forbes, The data included home and email addresses, birthdates, as well as customers’ children’s age ranges and genders. The database was sitting on an Amazon Web Services S3 server without any type of authentication.
Bob Dyachenko said:
“It’s likely the database was misconfigured by WWE or an IT partner as in other recent leaks on Amazon-hosted infrastructure.”
The researcher also told Forbes that anyone knows the URL can access the database and download it without any authentication.
Actually, this has happened before, it’s not the first time that an unprotected database was found hosted on Amazon with no authentication.