We have posted about numerous breaches resulting from unsecured databases. The reality with databases is that there are multiple factors that need to be assessed to ensure that they are properly protected, and access is given only to those who are authorized. A single wrong setting can allow a database to be exposed to innumerable unauthorized eyes, including those with malicious intent. Databases of all types continue to be exposed via these types of mistakes, with some recent incidents even including financial information. In yet another occurrence of this, personal information of WWE customers was exposed.
How the Database Was Exposed Online
The database being referred to was housed on Amazon Web Services, and the information within was in plain text and available to anyone who knew the URL, not even requiring a username or password. The database held over 3,000,000 customer’s personal information, including home addresses, email addresses, ethnicities, and age range and genders of children where they were given. The WWE said that no credit card or password information was exposed in the incident and that the database is now secured. WWE is currently working with security firms to ensure better protection, stating, “WWE utilizes leading cybersecurity firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information.”
The breach had initially been reported by Bob Dyachenko of Kromtech on Tuesday. He had then told this to Forbes, who released a report upon the incident. The report from Forbes seems to have prompted the official statement from WWE, as it followed soon after. There does not appear to be any information regarding how the WWE is handling it with their customers, as far as notifying or protecting them. It is obviously a good thing that WWE is working to fortify their security for the future, but they should have minimally notified those affected, as their data may now be in other hands. Unfortunately, it is a far too common occurrence for breached organizations to somewhat neglect the affected public, which in the long run can create further issues for an organization.
Maintaining Security to Prevent Cyber Attacks
The above incident was not a result of a cyber attack, but this is not true for many other cases. But, even in cases like the above, these breaches can leave data open for attackers to steal and use for their malicious purposes. The reality is that cyber attacks can come from numerous different vectors. Organizations need to be quite meticulous about reviewing and assessing potential vulnerabilities to be able to prevent cyber attacks. As mentioned above, a single incorrect setting or vulnerability can lead to a massive breach. Organizations need to ensure to evaluate all potential attack vectors, as well as frequently look over their systems and networks to determine if any new vectors have arisen. Negligence has no place in the realm of cyber security, especially being that organizations can hold massive amounts of customer information. This data needs to be protected, or an organization may find themselves losing their customer base over improper information handling. Massive Alliance offers a wide range of tools and services that can help an organization to prevent cyber attacks.