The Online Onslaught Forums

By contributing to Online Onslaught, you'll help make sure we're around for years to come. Toss us as little as a few bucks, or as much as your generosity allows. Thanks!

Last active: Never Not logged in [Login ]

Printable Version |
Subscribe | Add to Favorites
New Topic New Poll New Reply
Author: Subject: WWE exposes customer names, home addresses, emails, birthdates in massive leak
Man of a Thousand Holds

Posts 1607
Registered 5-2-2010
Location Harbin, China
Member Is Online

Mood: Barbeque

posted on 7-7-2017 at 04:30 AM Edit Post Reply With Quote
WWE exposes customer names, home addresses, emails, birthdates in massive leak

From Cageside Seats (via Forbes) .

Thomas Fox-Brewster , FORBES STAFF
I cover crime, privacy and security in digital and physical forms.

WWE has suffered a large data leak, revealing fans addresses, emails, phone numbers and, in many cases, ethnicities and children's age ranges. (Photo credit: THOMAS SAMSON/AFP/Getty Images)

WWE fans take note: an IT error may have left your personal information open to anyone, including addresses, educational background, earnings and ethnicity.

Earlier this week, Bob Dyachenko, from security firm Kromtech, told Forbes he'd uncovered a huge, unprotected WWE database containing information on more than 3 million users, noting it was open to anyone who knew the web address to search. Looking at samples of the leaked information provided by Dyachenko, all data was stored in plain text.

The data - which also included home and email addresses, birthdates, as well as customers' children's age ranges and genders where supplied - was sitting on an Amazon Web Services S3 server without username or password protection, Dyachenko said. It's likely the database was misconfigured by WWE or an IT partner as in other recent leaks on Amazon-hosted infrastructure. WWE said it was investigating.

It's unclear what branch of the WWE Corporation the database came from, though Dyachenko suspects it belonged to one of its many marketing teams, given it was accompanied by reams of social media tracking data, including posts from superstars and fans. The kinds of data in the leak are the same as those in the account details section for customers of the WWE Network, a subscription-based video streaming service for wrestling events.

That wasn't the only database WWE was leaking, Dyachenko added. It left another on Amazon's hosting service that contained reams of information primarily on European fans, though the information contained only addresses, telephone numbers and names, a review of samples of the data revealed. According to one customer, who responded to Forbes' inquiries trying to validate the leaked data, it was likely this database was from an online WWE store as "the network doesn't require a mobile number."

Shortly after WWE was alerted to the leak by Dyachenko on July 4, the company moved swiftly to remove them from the web, making them inaccessible.

"Although no credit card or password information was included, and therefore not at risk, WWE is investigating a potential vulnerability of a database housed on a third party platform," a spokesperson from the wrestling giant said.

Recommended by Forbes
Now Those Privacy Rules Are Gone, This Is How ISPs Will Actually Sell Your Personal... Leaks Very Private Data of 1.1 Million 'Elite' Daters --...
Funding Circle Error Exposes 6,000 SSNs Of American Clients
Cyber Weapons Dealer Investigates 'Leak' Of Tor Hack That Helped Cops Bust Child...
MOST POPULAR Photos: The 10 Most Dangerous U.S. Cities
TRENDING ON FACEBOOK Billionaire Jim Jannard Launches First Virtual Reality Smartphone
MOST POPULAR Photos: The Toughest Jobs To Fill In 2017
MOST POPULAR Compare Your Retirement Readiness

"In today's data-driven world, large companies store information on third party platforms, and unfortunately have been subject to similar vulnerabilities. WWE utilizes leading cybersecurity firms to proactively protect our customer data."

WWE didn't say where the information came from or how long the database was open on Amazon. The spokesperson said the firm was working with "a leading cybersecurity firm" to determine the cause of the leak.

Ethical ethnicity issues

While the security lapse is cause for concern, that WWE is also collecting ethnicity information and children's age ranges has privacy advocates anxious. Amongst the categories within the ethnicity bracket were caucasian, African American, American Indian, Hispanic and Asian, while options for children's age ranges were under 13, over 13, both or none. It would appear, however, that the fans had volunteered that information, having the choice to do so on their WWE Network profile.

Joseph Lorenzo Hall, chief technologist at the Center for Democracy & Technology, pointed to the issues Facebook had in late 2016 after it was criticized for offering advertisers the ability to target ads at ethnic groups. Facebook responded by preventing advertisers targeting ads at specific ethnicities for housing, employment or credit. WWE does not state in its privacy policy how it will use ethnicity or earnings data, though does say it shares personal information with selected, unnamed partners.

"It's unfortunate by being a WWE fan, you're now part of a data breach. Addresses with number and ages of children makes me nervous," added Hall.

He also called on Amazon to do more for those leaving data open on its cloud servers. "It's unfortunate Amazon doesn't have a 'neighborhood patrol' of sorts for S3 that checks for open buckets with sensitive data - jiggling the locks, checking for apparent misconfigurations - and then takes them offline." Amazon hadn't responded to a request for comment at the time of publication.

Multiple leaks have occurred on Amazon in recent months, largely thanks to misconfigurations of servers. The most notable was that of a Republican Party marketing contractor that left data on more than 198 million voters on an open database in June. In that case the information appeared to be amassed from a wide range of sources, and included addresses, birthdates, phone numbers and sentiment analyses for predicting individuals' opinions, religion and ethnicity.

Forbes:< br />
[Edited on 7-7-2017 by CamstunPWG187]

View User's Profile View All Posts By User U2U Member
First 9
The Rowdy One

Posts 2421
Registered 1-22-2013
Member Is Offline

Mood: Doing the Emma Dance

posted on 7-7-2017 at 05:00 AM Edit Post Reply With Quote
Anybody who has the Network linked to the same email used for other sensistive accounts(banks). Please take the time to change the passwords of said accounts, especially if you use the same password for multiple stuff.
View User's Profile View All Posts By User U2U Member
The Immortal One

Posts 4799
Registered 1-14-2003
Location At the gym
Member Is Offline

Mood: Rather be lifting

posted on 7-7-2017 at 02:05 PM Edit Post Reply With Quote
Things just got easier for Tex to find you, hunt you...

#GLENNSURVIVESLOL - Cherokee Jack, from TWD Season 6 thread

View User's Profile E-Mail User View All Posts By User U2U Member
The Great One

Posts 3557
Registered 7-21-2010
Member Is Offline

Mood: Covfefe

posted on 7-7-2017 at 03:17 PM Edit Post Reply With Quote
Does this affect only people who are currently subscribed? Or does it contain data for anyone who has ever subscribed?

"She was warned. She was given an explanation. Nevertheless, she persisted."

"The powers of the president to protect our country are very substantial and will not be questioned."
--- Stephen Miller, Trump senior White House advisor, Feb. 12, 2017

View User's Profile View All Posts By User U2U Member
Rocco Rock of Jabroni

Posts 7446
Registered 1-19-2008
Location Stupid Idiot Section
Member Is Online

Mood: ChinceMcMahon

posted on 7-7-2017 at 05:15 PM Edit Post Reply With Quote
Internet reels in amazement as they notice how many WWE subscribers also have accounts at Pornhub, Reality Kings, and Grindr.

You know, everyone says it's not supposed to make sense, like that's the whole point, dude. And I'm just saying, you know, that's like an excuse for lazy storytelling. Just don't sell me shite and tell me it's gold, all right? I might be stoned, but I'm not high. You know what I mean?
- Cassidy from Preacher, commenting on The Big Lebowski and/or professional wrestling

View User's Profile View All Posts By User U2U Member

Posts 26
Registered 11-24-2014
Member Is Offline


posted on 7-7-2017 at 10:20 PM Edit Post Reply With Quote
Originally posted by First 9
Anybody who has the Network linked to the same email used for other sensistive accounts(banks). Please take the time to change the passwords of said accounts, especially if you use the same password for multiple stuff.

Not saying that routinely changing your passwords, and not repeating passwords over sites that hold sensitive information isn't very prudent advice, but according to the article no password information was leaked. They weren't hacked, but just grossly incompetent?

Only addresses, name, age, educational background, ethnicity (hi ICE). And if you're worried about that info getting into the wrong hands, I got some bad news if you've ever bought a car, applied for a credit card, got a loan, magazine subscription, etc. -- It's already out there! Oh god no!

Remember, 3 email accounts:

1) for friends/family
2) for bills/online accounts
3) for Grindr [she'll never know!]

And just to fear monger a little, while most states require companies to report data breaches to their customers, they aren't required to do so immediately. Yahoo reported in 2016 that were hacked in 2014. If you use your credit card everywhere for purchases you have a significant chance you've been caught up in a breach this year and don't even know it yet.

So update those password every few months regardless of this shit happening. Or only do it when the sites force you to and don't worry about this too much. If they're really out to get you, they will.

View User's Profile View All Posts By User U2U Member
SpeciASSl CUMedian

Posts 1566
Registered 1-25-2008
Location One Inch Right of Philly on a Map
Member Is Offline

Mood: Old

posted on 7-9-2017 at 02:34 PM Edit Post Reply With Quote
Yawn ... with 93 seconds of google searching you can find all this stuff out on almost anyone. My name is (redacted) I have a big green (redacted) on in my (redacted) picture. Have at it.

[Edited on 7-9-2017 by DKBroiler]

Braun Strowman guy.

View User's Profile View All Posts By User U2U Member

New Topic New Poll New Reply

go to top

Powered by XMB 1.8 Partagium Final SP1
Developed By Aventure Media & The XMB Group
Processed in 0.0648510 seconds, 20 queries