Over 3 million WWE fans have had their personal information leaked earlier this week.
World Wrestling Entertainment Inc, WWE, left an unsecured database on an Amazon Web Server.
Bob Dyachenko, of security firm Kromtech, has informed Forbes that he discovered an unprotected database of more than 3 million WWE users. The exposed information included names, addresses, educational background, income earnings, and ethnicity. The information was left wide in the open on a Amazon Web Services S3 server without a username or password. Anyone who knew the web address had access to the information.
It is unknown as to what part of the WWE Corporation the information came from but Dyachenko believes it may have belonged to a marketing department. The type of data that was leaked is also the same kind utilized for their WWE Network, a subscription video streaming service for events.
"It's unfortunate by being a WWE fan, you're now part of a data breach. Addresses with number and ages of children makes me nervous," said Joseph Lorenzo Hall, Chief Technologist of the Center for Democracy & Technology.
"It's unfortunate Amazon doesn't have a 'neighborhood patrol' of sorts for S3 that checks for open buckets with sensitive data - jiggling the locks, checking for apparent misconfigurations - and then takes them offline." Amazon has yet to comment on a request for stricter security measures for accounts left open on their cloud servers.
In an interview a WWE spokes-person stated "Although no credit card or password information was included, and therefore not at risk, WWE is investigating a potential vulnerability of a database housed on a third party platform."
WWE has allegedly locked down the data and is working with "leading cyber security firms" to protect their customer base from any future leaks.