“An employee of German security firm Kromtech uncovered an unprotected WWE database containing more than 3 million users’ personal information, according to a report published Thursday by Forbes.
The data was stored on an Amazon server without any username or password protection, Forbes reported, and was accessible to anyone who knew which web address to search.
Displayed in easily readable plain text, users’ home and email addresses, birthdates, ethnicities, children’s age ranges and genders were included in the leak, Forbes said, among other information.
“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured,” a WWE spokesperson said in a statement.
“WWE utilizes leading cyber security firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information,” the spokesperson said.
According to Forbes’ source, another database was left on an Amazon server containing more information on primarily European fans.”