Here is what we're working on and
thinking at Hedgehog Security.

It was reported in Forbes last Thursday that a security researcher had alerted WWE (World Wrestling Entertainment, Inc.) two days earlier that a database operated on its behalf was openly available to public scrutiny and extraction. The database in question was apparently a marketing resource operated by a third party on WWE's behalf, and it exposed the personal data of 3 million fans. No one has announced publicly how long the database had been exposed, but WWE was notified on Tuesday last week by the security researcher who discovered it, and it had been secured from view before public notifications were made. The data reportedly included personal information such as personal addresses, educational background, earnings and ethnicity and, according to other reports, even viewing and subscription habits and children's names.
As usual with incidents like this, there are a number of perspectives to consider.
There is the personal. What are the consequences for you, as an individual, if your information was exposed? The data that was exposed would have been a treasure trove for identity thieves. So, if you are a regular WWE fan who may have been recorded in the database, you probably need to be especially mindful of your personal data in future and keep an eye on financial records.
Then there is the question of how the database came to be wide open to public access, and indeed for how long. The longer it was exposed without anyone knowing, the greater the chance of it being discovered by someone other than the security researcher who did the honourable thing. These are the questions from which lessons can be learned. Above all, it demonstrates the importance of good security processes not only in-house but also in the supply chain. Supply chain auditing is becoming increasingly common, precisely because of the damage a leak in the supply chain can cause.