World Wrestling Entertainment, Inc. (WWE) has announced that the company is investigating an incident in which an unprotected database of more than 3 million registered users was discovered by a Bob Dyachenko of cyber security firm Kromtech.

According to Dyachenko, the database was discovered unprotected on Amazon Web Services S3 (AWS) containing personal details of users including names, email and home addresses, date of birth, genders, ethnicity, earnings, educational background and children’s age ranges.

[irp posts=”54101″ name=”Man Accidentally Destroyed Production Database on First Day of His Job”]

Dyachenko told Forbes that the anyone with knowledge of which web address to search could have downloaded the database in plain text since it had no security on it, not even a password.

He also noticed another database hosted on Amazon server containing personal details of European WWE fans including names, addresses, and telephone numbers.

While it is unclear which department of WWE Corporation the database belongs to; Dyachenko believes the leak might have come from the marketing department as the data also contained social media tracking data including posts from WWE fans and Superstars.

Dyachenko informed the company about the vulnerability on 4th July, and according to the official statement from the WWE, the vulnerability ” has now been secured.” In a statement, WWE acknowledged the hack and stated that no credit card data or passwords were leaked.

“Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services (AWS), which has now been secured. WWE utilizes leading cyber security firms Smartronix and Praetorian to manage data infrastructure and cyber security and to conduct regular security audits on AWS. We are currently working with Amazon Web Services, Smartronix, and Praetorian to ensure the ongoing security of our customer information,” said the statement.