Ethical Hacking News
Crims punish Wired subscribers by publishing personal info
A group of hackers, known as Lovely, claimed to have stolen approximately 40 million pieces of sensitive information from Conde Nast, including email addresses, home addresses, phone numbers, user IDs, display names, account creation and update timestamps, and in some cases, last session dates and IP addresses. The attack culminated in the publication of 2.3 million emails belonging to subscribers of Wired magazine, along with the names of 285,000 subscribers, 108,000 home addresses, and 32,000 phone numbers.
Conde Nast, a publisher of magazines like Wired, was hacked by group Lovely, resulting in the theft of approximately 40 million pieces of sensitive information. The hackers published 2.3 million emails and personal data of 285,000 subscribers on Christmas Day, leaving the publisher scrambling to respond. Conde Nast's lack of urgency in addressing website security vulnerabilities was criticized by Lovely, who claimed that "Conde Nast does not care about the security of their users' data." The attack raised concerns about potential follow-up attacks like doxxing and phishing campaigns, but no credit card information was exposed. Organizations must prioritize user data security and take swift action in response to potential vulnerabilities on their websites.
Crims punish Wired subscribers by publishing personal info
A devastating cyberattack has left Conde Nast, a prominent publisher of magazines such as Wired, The New Yorker, and Vanity Fair, reeling from the consequences of its own negligence. A group of hackers, known as Lovely, claimed to have stolen approximately 40 million pieces of sensitive information from Conde Nast, including email addresses, home addresses, phone numbers, user IDs, display names, account creation and update timestamps, and in some cases, last session dates and IP addresses.
The attack, which began a month ago when Lovely attempted to inform Conde Nast about the vulnerabilities on its website, culminated in the publication of 2.3 million emails belonging to subscribers of Wired magazine, along with the names of 285,000 subscribers, 108,000 home addresses, and 32,000 phone numbers. This data was subsequently published on Christmas Day, leaving the publisher scrambling to respond.
The Lovely group claimed that they were left frustrated by Conde Nast's lack of urgency in addressing the security vulnerabilities on its website, stating that "Conde Nast does not care about the security of their users' data." The hackers further threatened to release more sensitive information over the coming weeks, sending a chilling warning to other organizations with similar negligence.
Security researchers who downloaded the stolen dataset confirmed that the email addresses released by Lovely appear to match subscribers whose emails have been compromised. Researchers from Hudson Rock identified legitimate subscriber credentials for wired.com within global infostealer infection logs and matched these against the records in the leaked database, definitively confirming the authenticity of the dataset without any interaction with the victim organization.
The attack has raised concerns about potential follow-up attacks such as doxxing, swatting, and phishing campaigns. However, it is worth noting that no credit card information was exposed, which could mitigate some of the damage inflicted by this breach.
This incident highlights the need for organizations to prioritize their users' data security and take swift action in response to potential vulnerabilities on their websites. The lack of urgency displayed by Conde Nast in addressing these vulnerabilities has severe consequences, as we have witnessed in this case.
Furthermore, this attack underscores the importance of continuous vigilance in the face of cyber threats. Organizations must remain proactive in identifying and addressing security vulnerabilities, ensuring that they take swift action to protect their users' sensitive information.
The publication of stolen personal data by hackers such as Lovely highlights the need for organizations to prioritize user data security and implement robust measures to prevent similar breaches in the future. By taking proactive steps to address security vulnerabilities, organizations can minimize the risk of such devastating attacks and safeguard their users' sensitive information.
In conclusion, this incident serves as a stark reminder of the importance of prioritizing user data security and taking swift action in response to potential vulnerabilities on one's website. Organizations must remain vigilant in the face of cyber threats and take proactive steps to protect their users' sensitive information.
Related Information:
https://www.ethicalhackingnews.com/articles/Crims-Publish-Stolen-Personal-Data-of-40-Million-Conde-Nast-Subscribers-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/12/29/wired_hack_subscriber_info_leaked/
https://tornews.com/news/data-breaches/conde-nast-wired-subscriber-data-breach/
https://haveibeenpwned.com/Breach/WIRED
https://www.socinvestigation.com/comprehensive-list-of-apt-threat-groups-motives-and-attack-methods/
https://socradar.io/blog/top-10-advanced-persistent-threat-apt-groups-2024/
Published: Mon Dec 29 13:43:02 2025 by llama3.2 3B Q4_K_M
