Content, Governance, Risk and Compliance, Breach

WWE Database Leak: More Than 3 Million Users Exposed on Amazon Web Services (AWS) Cloud

World Wresting Entertainment (WWE) database leak has exposed the personal information of more than 3 million users, according to IT investment and development company Kromtech.

Kromtech recently discovered two open and publicly accessible Amazon S3 Buckets that contained information collected by third-parties agencies specifically for WWE marketing purposes, Kromtech Chief Communication Officer Bob Diachenko noted in a prepared statement.

The WWE database leak exposed a variety of user information, including:

  • Birthdates.
  • Children's age ranges.
  • Earnings.
  • Ethnicity.
  • Genders.
  • Home and email addresses.

Kromtech estimated roughly 12 percent of this information (several gigabytes) was set to "Public" access and available to anybody with an internet connection, Diachenko stated.

The exposed database likely was misconfigured by WWE or an IT partner, Diachenko told Forbes.

WWE Responds to the Database Leak

WWE told Prowrestling.net that no credit card or password information was exposed in the database leak. The company also has removed the exposed data from the web, Forbes stated.

In addition, WWE is investigating the database leak in conjunction with its cybersecurity partners, the global entertainment company told Prowrestling.net.

"WWE utilizes leading cybersecurity firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information," WWE pointed out.

Most Enterprises Are Prepping for Data Breaches

The WWE leak puts a bright spotlight on how enterprises are evolving their data protection strategies. Many enterprises anticipate data breaches in 2017 – and perhaps beyond, according to a survey conducted by forensic security solutions company Guidance Software.

Guidance's survey of 330 IT professionals revealed 54 percent of organizations said they feel "well prepared" to respond to a major breach in the coming year, up from 51 percent in 2016.

Comparatively, the survey showed 32 percent of respondents said they believe cloud services and applications makes their data less secure.

Top IT Security Challenges

Wether data remains on premises or in the cloud, the security challenges remain immense. Guidance survey respondents ranked the following as their top IT security challenges:

  • Assessing risk (35 percent).
  • Enforcing security policies (34 percent).
  • Managing the complexity of security (33 percent).

To overcome these challenges, an organization must develop an effective IT security strategy that encompasses a wide range of factors, Guidance CEO Patrick Dennis said in a company statement.

"Enterprises are beginning to realize that compromise is inevitable, so they need to ensure that they have a complete strategy that includes costs for prevention and deep detection and response tools," Dennis noted. "In other words, a growing number of enterprises recognize they live in a world of continuous compromise and no longer have to fear the breach."

In the WWE's case, proper compliance processes coupled with proper security settings could have prevented the embarrassing data exposure on AWS...

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.