Personal information about more than 3 million World Wrestling Entertainment Inc. customers was exposed on a database, but there’s no indication hackers accessed the information.
Bob Diachenko, chief security communications officer with security software vendor Kromtech, says he was able to find a publicly accessible database that contained the email addresses and social media activity of more than 3 million WWE fans—data that includes shoppers’ names and home addresses. Diachenko says the data was from 2014-15, and included results of a demographic survey that had answers to questions about education, age and race, and children’s age and gender. The data was “set to ‘Public’ access and available for anybody with [an] internet connection to view and download,” Diachenko writes in a blog post.
“The documents also included spreadsheets with social media tracking of the WWE social media accounts, like YouTube, with weekly totals of plays, likes, shares, comments and a more in-depth look at how they manage their social media and gauge fan interactions,” Diachenko writes. “The list was even broken down by country, so one would imagine that they can better target their ads or localized content.”
Diachenko says in the blog that he and his team notified WWE about the vulnerability and that it was fixed within hours. The database was hosted on a server operated by Amazon Web Services, the business unit of Amazon.com Inc. that leases computer capacity to other companies. There has been no suggestion that Amazon was responsible for exposing the data.
WWE confirmed that personal information was accessible, issuing a statement Thursday on its website.
WWE is No. 566 in the Internet Retailer 2017 Top 1000, having done an Internet Retailer-estimated $28.4 million in online sales last year, up 17.4% from $24.2 million in 2015.
“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured,” World Wrestling Entertainment said. “WWE utilizes leading cybersecurity firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information.”
It is unclear whether hackers accessed WWE customer data or were even aware of its availability until news was made public.
Ryan Wilk, vice president of customer satisfaction at security vendor NuData Security, says this latest instance of exposed consumer data should serve as a warning to anyone who stores customer information online that such information must be handled carefully.
“We have hit a turning point where financial and identity cyber crime has become something that a person with the most basic computer skills can dabble in,” Wilk says. “Because of this, merchants and financial institutions need to rethink how they protect and identify their users in the digital world. We need to protect all consumer data, but more importantly, we need to make it valueless.”
In mid-May, Japanese cosmetics manufacturer and retailer Tatcha notified its shoppers that its site had been breached earlier this year. Around that same time, barbecue equipment manufacturer and retailer Char-Broil suffered a similar breach, wherein a hacker implemented malicious code on its website that allowed them to then access a shopper’s payment and billing information.
FavoriteHackers target e‑commerce sites to swipe payment data
advertisement