If you’ve shared your personal information at some point with WWE, there’s a chance that the pro wrestling company just left it lying around for anyone to see.
Per Forbes, an “unprotected WWE database containing information on more than 3 million users” was recently discovered on an Amazon Web Services S3 server without any kind of username or password protection. The security firm that discovered the file said that anyone who knew the web address to search could have had easy access to user addresses, education backgrounds, financial earning, and even ethnicity.
Per a spokesperson for the firm, it’s unclear where the database came from, but they suspect it belonged to a marketing team given that the data was accompanied by social media tracking info. The data included seems to match the kind of information that WWE Network customers are asked to provide when signing up for the video streaming service.
If that wasn’t bad enough, this apparently wasn’t the only user information database floating out in the open. Another one on Amazon’s service included addresses, telephone numbers, and names for European wrestling fans. One person whose data was included in that file said that they think it came from an online WWE store.
The security firm alerted WWE to the leak on July 4 and the company quickly removed it from the servers. A spokesperson for the company released a statement to Forbes saying, “Although no credit card or password information was included, and therefore not at risk, WWE is investigating a potential vulnerability of a database housed on a third-party platform.”
Forbes notes that aside from the practical problems that come with leaving customer data out in the open, the fact that WWE seems to be aggregating data on ethnicity and children ages gets into a gray area for privacy advocates. Though, to be fair, that information is collected on a volunteered basis via WWE Network signups.
UPDATE: WWE has released their full statement regarding the leak. “Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured. WWE utilizes leading cybersecurity firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information.”