Hacker claims to leak WIRED database with 2.3 million records

Published:

28 december 2025 om 17:57:34

Alert date:

28 december 2025 om 18:02:07

Source:

bleepingcomputer.com

Data Breach & Exfiltration, Web Technologies

A hacker claims to have breached Condé Nast and leaked an alleged WIRED database containing more than 2.3 million subscriber records. The threat actor warns they plan to release up to 40 million additional records for other Condé Nast properties. This represents a significant data breach affecting millions of users across multiple media properties owned by the publishing company.

Technical details

A threat actor named 'Lovely' claims to have breached Condé Nast and leaked a WIRED database containing 2,366,576 total records and 2,366,574 unique email addresses with timestamps ranging from April 26, 1996, to September 9, 2025. Each record includes subscriber's unique internal ID, email address, and optional data such as first/last name, phone number, physical address, gender, and birthday. The actor exploited vulnerabilities that allegedly allowed viewing and modifying user account information. Data was leaked on hacking forums for approximately $2.30 in forum credits. The breach has been verified by matching records against infostealer logs and legitimate subscriber credentials.

Mitigation steps:

Users should check if their email addresses were exposed using Have I Been Pwned service. The leaked database has been added to Have I Been Pwned for verification. Affected individuals should monitor their accounts for suspicious activity and consider changing passwords for related services.

Affected products:

Condé Nast websites
WIRED
The New Yorker
Epicurious
SELF
Vogue
Allure
Vanity Fair
Glamour
Men's Journal
Architectural Digest
Golf Digest
Teen Vogue
Style.com
Condé Nast Traveler