WWE Issues Statement On Data Breach
Customers' sensitive information inadvertently exposed.
Following Forbes's report of a data breach that left WWE customers' personal information exposed, the company has responded with an official statement.
According to WWE, the breach occurred due to vulnerabilities in a now-secured database housed on Amazon Web Services. The company is now working with Amazon Web Services, as well as cybersecurity firms Praetorian and Smartronix, in order to prevent further issues.
The breach, which was initially reported on Tuesday, was uncovered by Bob Dyachenko from security firm Kromtech, who told Forbes that WWE's customer information was sitting on an unprotected server, available to read in plain text by anybody who knew the URL. More than 3,000,000 customers in WWE's database were exposed, with information ranging from their home addresses to ethnicities to the ages and genders of their children readily available.
In WWE's statement, the company was quick to point out that no credit card numbers or passwords were stored on the server, so users didn't have to worry about that information falling into the hands of others. That's still been of little comfort to users whose profiles may have been seen, as well as privacy advocates concerned with WWE's monitoring of information such as customers' ethnicities and earnings data.