Ethical Hacking News
A Condé Nast database leak exposed over 2.3 million WIRED records, raising concerns about responsible disclosure practices among security researchers and companies.
A recent threat actor claimed to have breached Condé Nast and leaked an alleged database containing over 2.3 million subscriber records from WIRED magazine.The hacker, known as "Lovely," demanded payment in exchange for access to the database, claiming Condé Nast ignored vulnerability reports and didn't take security seriously.Condé Nast has not confirmed whether it was breached or not, but BleepingComputer validated 20 legitimate WIRED subscribers from the leaked dataset.The dataset contains records with various personal details, including email addresses, names, phone numbers, physical addresses, and birthdays.A security researcher group verified the authenticity of the dataset using infostealer logs containing previously compromised credentials.Condé Nast is reportedly considering not paying the hacker, as their word cannot be trusted according to DataBreaches.net.
A recent threat actor claimed to have breached Condé Nast and leaked an alleged database containing more than 2.3 million subscriber records from the popular magazine WIRED, while also threatening to release up to 40 million additional records for other Condé Nast properties in the coming weeks.
The hacker, known by the alias "Lovely," made the announcement on a hacking forum on December 20, offering access to the database for approximately $2.30 in the site's credits system. In the post, Lovely accused Condé Nast of ignoring vulnerability reports and claimed that the company failed to take security seriously.
"Condé Nast does not care about the security of their users' data," reads a post on the hacking forum, according to BleepingComputer. "It took us an entire month to convince them to fix the vulnerabilities on their websites."
In response to this announcement, Condé Nast has yet to confirm whether it was indeed breached or not. However, BleepingComputer analyzed the leaked database and validated twenty records as legitimate WIRED subscribers.
The dataset contains 2,366,576 total records and 2,366,574 unique email addresses, with timestamps ranging from April 26, 1996, to September 9, 2025. Each record includes a subscriber's unique internal ID, an email address, and optional data such as first and last name, phone number, physical address, gender, and birthday.
Many of these fields are empty, but some include additional personal details. Approximately 284,196 records (12.01%) include both a first and last name, 194,361 records (8.21%) include a physical address, 67,223 records (2.84%) include a birthday, and 32,438 records (1.37%) include a phone number.
A much smaller subset includes more complete profiles, with 1,529 records (0.06%) containing a full name, birthday, phone number, address, and gender. Alon Gal, co-founder and CTO of Hudson Rock, also verified the records using infostealer logs containing previously compromised credentials.
"Our researchers identified legitimate subscriber credentials for wired.com within global infostealer infection logs," reads an article on Infostealers.com. "By matching these compromised credentials against the records in the leaked database, we have definitively confirmed the authenticity of the dataset without any interaction with the victim organization."
The leaked database has since been added to Have I Been Pwned, allowing users to check whether their email addresses were exposed by the data leak.
Lovely reportedly claimed to be a security researcher who contacted Dissent Doe of DataBreaches.net for help in responsibly disclosing vulnerabilities to Condé Nast. However, after receiving no response from Condé Nast, Lovely later told Dissent Doe that they had downloaded the entire database and were threatening to leak it.
"As for 'Lovely,' they played me," admitted DataBreaches.net. "Condé Nast should never pay them a dime, and no one else should ever, as their word clearly cannot be trusted."
BleepingComputer contacted Condé Nast with questions about the incident but has not received a response at this time.
Related Information:
https://www.ethicalhackingnews.com/articles/Hacked-Cond-Nast-Database-Exposes-23-Million-WIRED-Records-Raises-Concerns-Over-Responsible-Disclosure-ehn.shtml
https://www.bleepingcomputer.com/news/security/hacker-claims-to-leak-wired-database-with-23-million-records/
https://hackread.com/hacker-leak-wired-com-records-conde-nast-breach/
Published: Sun Dec 28 12:08:26 2025 by llama3.2 3B Q4_K_M
