Reading:
WWE’s unprotected database – affecting over three million fans
Share:
wwe fans

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

WWE’s unprotected database – affecting over three million fans

Anger amongst WWE wrestling fans is thought to be rife after revelations that up to three million fans’ account information has been left unprotected and accessible on the Amazon cloud.

It’s thought that WWE is watched by 15 million fans each week in the U.S. alone. In 2016, they announced plans to expand to China, opening a potential fan base of 1.4 billion. It’s scary to think that an organisation as big as this and with so many fans could leave data belonging to three million people totally unsecured.

It’s one heck of a monumental data breach…

What was breached?

According to Forbes, Bob Dyachenko from cyber-security firm Kromtech said he discovered a “huge, unprotected WWE database” containing more than three million users’ personal information.

The data trove is thought to include names, home addresses, email addresses, educational backgrounds, earnings, ethnicities, dates of birth, customers’ children age ranges and gender. The data was discovered without username or password protection; i.e. without the most basic of cyber-security protection protocols.

Public access

Mr Dyachenko discovered two open and publicly accessible Amazon S3 Buckets that contained masses of information collected by third party agencies used for WWE marketing purposes. He goes on to say that an estimated 12% of all the information was set to ‘public access’ which means it’s readily available for the general public with internet access.

Anyone accessing the information could also download it.

Two buckets of data found wide-open

Of the two databases, the first Amazon S3 Bucket contained a lot of emails in plain text with data thought to be from 2014 to 2015. The total amount of records is thought to amount to 3,065,805. This figure was checked by researchers for duplication, and the results showed they were unique.

The second Amazon S3 Bucket showed that around 12% – 15% of the data was partially set for public access. It contained a huge amount of marketing and customer data, including billing data, usernames and addresses. This database also contained information on hundreds of thousands European customers who had shopped at the online store from 2016.

There were also spreadsheets of WWE fans’ marketing preferences. This included social media tracking of the WWE social media accounts like YouTube, with weekly total of plays, likes, shares, comments and how to gauge fan interactions. This spreadsheet was broken down into countries, most likely for targeted marketing purposes.

Databases secured after a couple of hours

According to Mr Dyanchenko, the databases were secured within a couple of hours on 4th July 2017 after Kromtech security sent notification messages to WWE Corporation developers. However, no one knows how long the data was exposed for and how many people have accessed the database.

A WWE spokesperson said they were working with “a leading cybersecurity firm” to find the cause of the leak.

Many of WWE’s folders were protected, prohibiting public access to employee and wrestler information. It begs the question as to why WWE’s fans’ information wasn’t sufficiently protected in the same way employees and wrestlers were.

The U.K.’s privacy watchdog, the Information Commissioner’s Office (ICO), may look into the breach.

Image Credit: https://pixabay.com/en/gdansk-poland-arena-venue-sports-83358/

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon