A leak might have caused the personal information of more than 3 million WWE fans to have been exposed, according to a Forbes report.
The security firm Kromtech told Forbes it discovered a WWE database that contained information such as home and email addresses, educational backgrounds, birthdates, earnings, and ethnicities of fans who might have subscribed to the WWE Network or bought merchandise from the online store.
According to Kromtech, the unprotected WWE database was found on an Amazon Web Services S3 server without password protection, and according to Forbes, “it’s likely the database was misconfigured by WWE or an IT partner as in other recent leaks on Amazon-hosted infrastructure.”
Kromtech suspects the leak might have come from a WWE marketing team because of the social media tracking data that was discovered. But there reportedly also was another database leak that contained information on European fans who could have been using the WWE online store.
“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a potential vulnerability of a database housed on a third party platform,” a company spokesperson told Forbes. “In today’s data-driven world, large companies store information on third party platforms, and unfortunately have been subject to similar vulnerabilities. WWE utilizes leading cybersecurity firms to proactively protect our customer data.”
Other information that was exposed in the leak included the age ranges and gender of user’s children.
More from Forbes:
While the security lapse is cause for concern, that WWE is also collecting ethnicity information and children’s age ranges has privacy advocates anxious. Amongst the categories within the ethnicity bracket were Caucasian, African American, American Indian, Hispanic and Asian, while options for children’s age ranges were under 13, over 13, both or none. It would appear, however, that the fans had volunteered that information, having the choice to do so on their WWE Network profile … WWE does not state in its privacy policy how it will use ethnicity or earnings data, though does say it shares personal information with selected, unnamed partners.
The WWE said it’s teaming with a “leading cybersecurity firm” to figure out how the information was leaked.