Hacker claims Condé Nast breach, leaking 2.3M WIRED subscriber records and threatening to expose up to 40M more from other brands.
A hacker known as “Lovely” claims to have leaked personal data of over 2.3 million Wired.com users. The data was allegedly posted on December 20, 2025, on the new Breach Stars hacking forum, with a download link and file hash. The hacker accused Condé Nast, Wired’s parent company, of ignoring multiple security warnings prior to the breach.
Lovely claims that Condé Nast does not care about the security of its users and ignores vulnerability reports.
“Condé Nast does not care about the security of their users’ data. It took us an entire month to convince them to fix the vulnerabilities on their websites. We will leak more of their users’ data (40+ million) over the next few weeks. Enjoy!” reads the message published by Lovely on the hacking forum.
Lovely initially posed as a security researcher seeking responsible disclosure help for Condé Nast vulnerabilities, but later admitted downloading the full database and threatening to leak it, misleading DataBreaches.net.
The hacker claims access to a centralized Condé Nast account system covering over 40 million users across major brands, including The New Yorker, Wired, Vogue, GQ, and others. Lovely is threatening to release the personal data of up to 40 million users.
Hackread reported that the dataset also includes nearly 9.5 million records labeled “NIL” and smaller international segments, reinforcing the idea of a shared identity infrastructure.
Compromised data includes full names, email addresses, user ID, display names, account creation and update timestamps, and in some cases, last session dates.
The leaked dataset includes both system-generated Wired.com emails used for testing and real personal email addresses, confirming genuine user accounts dating back to 2011. Account creation dates range from 2011 to 2022, with mixed session activity.
No password or payment information was exposed.
Hudson Rock co-founder Alon Gal confirmed the leak’s authenticity by matching Wired.com records with infostealer logs containing compromised credentials.
“Hudson Rock researchers have authenticated the 2.3 million record WIRED leak using infostealer infection data. More alarmingly, the hacker claims that a much larger database consisting of 40,000,000 lines related to Condé Nast will be released soon. This impending leak is expected to impact major publications including Vogue, The New Yorker, and Vanity Fair.” reads the report published on the company website Infostealers.
“Our validation of the current data confirms it is legitimate and fresh, with entries as recent as September 8, 2025.”
Gal pointed out that the leak of over 102,000 home addresses raises serious risks. A larger release could enable doxing, swatting, and highly targeted spear-phishing using Condé Nast brand context.
The dataset is now listed on Have I Been Pwned.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
