WWE said Thursday it is investigating a "vulnerability of database" after a security firm announced earlier this week it had uncovered an unprotected database that was open to anyone.
Bob Dyachenko, from the security firm Kromtech, told Forbes he’d uncovered a huge, unprotected WWE database containing information on more than 3 million users. Dyachenko also claimed that it was open to anyone who knew which web address to search, according to Forbes.com.
The leak in the WWE database, included users home and email addresses, birthdates, earnings, ethnicity, children’s age ranges, genders and more. The database was stored on an Amazon Web Services S3 server without username or password protection. Dyachenko said it was not clear which branch of the WWE Corporation the database came from.
WWE said in a statement posted on the company's website that it is working with Amazon Web Services, the cybersecurity firms Smartronix and Praetorian Cybersecurity Solutions to investigate the breach.
"Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS)," the statement said.