The security firm Kromtech told Forbes it discovered a WWE database that contained information such as home and email addresses, educational backgrounds, birthdates, earnings, and ethnicities of fans who might have subscribed to the WWE Network or bought merchandise from the online store.
According to Kromtech, the unprotected WWE database was found on an Amazon Web Services S3 server without password protection, and according to Forbes, “it’s likely the database was misconfigured by WWE or an IT partner as in other recent leaks on Amazon-hosted infrastructure.”
Kromtech suspects the leak might have come from a WWE marketing team because of the social media tracking data that was discovered. But there reportedly also was another database leak that contained information on European fans who could have been using the WWE online store.
“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a potential vulnerability of a database housed on a third party platform,” a company spokesperson told Forbes. “In today’s data-driven world, large companies store information on third party platforms, and unfortunately have been subject to similar vulnerabilities. WWE utilizes leading cybersecurity firms to proactively protect our customer data.”
Other information that was exposed in the leak included the age ranges and gender of user’s children.
More from Forbes:
The WWE said it’s teaming with a “leading cybersecurity firm” to figure out how the information was leaked.