Dive Brief:
- Security researchers from Kromtech found two open servers containing personal information of World Wrestling Entertainment (WWE) fans and subscribers, according to MacKeeper. WWE’s data, which was publicly accessible, was stored on Amazon S3 Buckets.
- The data uncovered contained 3,065,805 subscribers’ personal information including address, gender, age, race, education and family status. None of the persons listed in the 2014-2015 record seemed to have been duplicated, making them all individual accounts.
- A portion of the available data came from spreadsheets containing WWE’s social media catalogues for demographics and activity levels of subscribers. Kromtech contacted WWE and the servers were secured in a matter of hours. It is unknown how long the data was exposed or who potentially accessed the information, according to the report.
Dive Insight:
Unsecure servers are nothing new as security shortcomings are commonplace across sectors. It was recently discovered a U.S. database containing 198 million U.S. voter information had been exposed on another public Amazon S3 Bucket, Wired reports.
While the storage of databases with proprietary and sensitive information can be secured, it is hard to know when or if a malicious work has already accessed the information. Hackers evolve in purpose and intent and that is where legal ramifications could take the forefront.
The unintentional mishandling of sensitive information is not only an ethical upset for a company, but can also produce legal and fiscal consequences. Anthem just settled a 2015 data breach with a payout of $115 million to the 80 million people affected after having personal information leaked.
Much with present malware breaches like WannaCry and Nyetya, companies are facing scrutiny for their lack of forthright action. With watchdogs like the Federal Trade Commission ready to hold companies accountable for data negligence, companies need to be aware of their current security foundation as with the case of WWE.
