WWE Leak Exposes Three Million Users
It is interesting to see what data companies collect on us. Unfortunately, that usually happens when the company suffers a breach.
WWE joined the crowd of businesses that can’t quite remember to protect data that they make publicly accessible on the Internet. One more time, the data was stored at Amazon.
In this case it is data on three million WWE fans.
And not just the usual name, address and email.
This data included birthdate and children’s age ranges and genders. It included large amounts of social media data such as fan posts.
Another, smaller database of European fan data was also left exposed, but that did not include as wide a variety of data elements. Maybe that is due to stricter European privacy laws.
After the researcher who discovered the unprotected databases told WWE about them, they removed the data from the Internet very quickly.
WWE is investigating how the breach happened. They did not say how long the data sat unprotected in the Amazon cloud.
Among the data collected and exposed was each fan’s ethnicity. Not sure why any fan would provide that data to a wrestling web site, but ……
It is interesting the number of Amazon related breaches we have seen recently. I actually don’t think that there are more “breaches”, but rather researchers have figured out that Amazon is fertile hunting ground and so they have begun looking there more actively.
The real question is whether these breaches are just the tip of the iceberg or whether, for the most part, sensitive data stored in the cloud is protected. I am not sure that we will ever know.
This is, however, another reminder to very carefully check the permissions on systems and services exposed to the cloud. This includes all third party service providers such as Amazon.
Just because you outsource your IT infrastructure to a cloud provider does not take you off the hook – either legally or from a business reputation damage viewpoint. WWE fans don’t care that they outsourced their data storage to Amazon. Don’t care at all.
It is important to note that none of these Amazon data leaks are in any way the fault of Amazon. Amazon has not been – that we know of – hacked.
In fact, none of these breaches even involved stolen credentials.
They were all caused by human error.
Information for this post came from Forbes.