Misconfigured Database Almost Suplexes the WWE

If you’re a fan of the spectacle put on by World Wrestling Entertainment, Inc., you may find yourself pinned thanks to an error made in some of their databases. This error allowed personal information from three million users to be accessed by anyone who knew where to look.

The information contained in the first database was unnervingly comprehensive, including home addresses, email addresses, and birthdays--and in some cases, the genders and age ranges of children in the household.

The plain text database was discovered by an employee of Kromtech, a computer security firm, named Bob Dyachenko. Found on an Amazon Web Services S3 server, the database had no username or password protections. It is uncertain which branch of the WWE was maintaining this database. Despite this uncertainty, Dyachenko has some suspicions as to its source.

Due to the social media tracking data that accompanied the database, Dyachenko believes that the database belonged to one of the WWE’s marketing teams. The leaked data lines up with the details that the WWE collects from subscribers to the WWE Network, which allows customers to stream wrestling events.

This wasn’t the only database that was leaked, either. The second one--also hosted on Amazon--outlined the names, addresses, and phone numbers of primarily European fans. Fortunately, it does not appear that any passwords or financial information was exposed.

However, the fact that the WWE was collecting information on the ethnicity and age range of their adolescent audience has a lot of security experts concerned. This information was volunteered by the fans as they registered, but the WWE does not offer any explanation of what this data will be used for, beyond sharing it with select (unnamed) partners.

Once alerted to the vulnerability by Dyachenko, the WWE was quick to take down the data, making it inaccessible to outside eyes.

This is not the first leak that has happened on the Amazon servers, either. Other high-profile leaks have been caused by misconfigured servers and the like--which raises an important question regarding your business: is your data as secure as it could be?

While your business may not serve 3 million people, imagine the backlash you would receive if you had left the personal information of that many clients vulnerable. A simple mistake is all it would take to suddenly have your issue broadcast on the news as your remaining clients swiftly jumped ship. Regardless, a similar situation would likely happen in your own company, as your understandably upset customers would most likely seek an alternative in your competition.

Unfortunately, the harsh reality is that your data is always at risk, but this is where Direct Technology Group can help. We can help resolve any issues to be found in your IT. Give us a call at (954) 739-4700 to get started.