A hacker has claimed responsibility for breaching Condé Nast and leaking an alleged WIRED database containing more than 2.3 million subscriber records, according to reporting by BleepingComputer.
According to reports, a threat actor using the name “Lovely” posted the leaked database on a hacking forum on December 20, offering access for a small amount of forum credits. The hacker claims the data contains information on more than 2.3 million WIRED subscribers and warned that up to 40 million more records from other Condé Nast publications could be released in the coming weeks.
In the forum post, Lovely accused Condé Nast of ignoring repeated security warnings and not taking user data protection seriously. The hacker claimed it took weeks to get the company to address vulnerabilities on its websites and threatened to leak more data as a result.
While Condé Nast has not publicly confirmed a breach, cybersecurity site BleepingComputer analyzed the leaked database and verified that at least 20 records belonged to real WIRED subscribers, suggesting the data is legitimate.
The leaked database reportedly contains 2,366,576 records, nearly all of which have unique email addresses. Some records also include personal details such as names, phone numbers, physical addresses, birthdays, and account activity data. While many entries contain limited information, a small number include more complete personal profiles.
The hacker also claimed to have stolen data from other Condé Nast brands, including The New Yorker, Vogue, Vanity Fair, GQ, Architectural Digest, Glamour, Teen Vogue, Condé Nast Traveler, and several others.
Security researcher Alon Gal, co-founder of Hudson Rock, independently confirmed the authenticity of the data by matching leaked records with known compromised credentials found in malware logs. This helped verify the dataset without directly involving Condé Nast.
The leaked WIRED data has now been added to Have I Been Pwned, a popular breach notification service, allowing users to check whether their email addresses were affected.
Before releasing the data, Lovely reportedly claimed to be a security researcher and contacted DataBreaches.net for help with responsible disclosure. However, after Condé Nast allegedly failed to respond, the individual downloaded the full database and leaked it. DataBreaches.net later stated they had been misled and criticized the hacker’s actions.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Condé Nast has not responded to media questions about the incident so far, and it remains unclear whether more data will be released as threatened.
