A hacker has claimed to have hacked the American media company Condé Nast and released an alleged database of WIRED, containing over 2.3 million subscriber records. The attacker also warned of his intention to make up to 40 million more records related to other Condé Nast publications, including Vogue, The New Yorker, and others, publicly available.
A hacker has claimed to have hacked the American media company Condé Nast and released an alleged database of WIRED, containing over 2.3 million subscriber records. The attacker also warned of his intention to make up to 40 million more records related to other Condé Nast publications, including Vogue, The New Yorker, and others, publicly available.
On December 20, a hacker using the alias Lovely posted the database on a hacking forum, offering access for about $2.30 through the site's credit system. In the post, Lovely accused Condé Nast of ignoring vulnerability reports and said the company doesn't take security seriously, BleepingComputer reports .
“Condé Nast doesn’t care about the security of their users’ data. It took us a whole month to convince them to fix vulnerabilities on their websites,” a post on a hacking forum reads. “We will be leaking even more of their users’ data (over 40 million) over the next few weeks. Enjoy!”
The same person later posted the data on other hacking forums, where users also had to spend forum credits to reveal the password to the archive containing the data.
Lovely also shared a number of entries for other Condé Nast properties, which are likely to include The New Yorker, Epicurious, SELF, Vogue, Allure, Vanity Fair, Glamour, Men's Journal, Architectural Digest, Golf Digest, Teen Vogue, Style.com, and Condé Nast Traveler.
While Condé Nast has yet to confirm the breach, BleepingComputer analyzed the leaked database and was able to confirm twenty records as legitimate WIRED subscribers.
The dataset contains a total of 2,366,576 records and 2,366,574 unique email addresses with timestamps ranging from April 26, 1996 to September 9, 2025.
Each record contains a unique internal subscriber ID, email address, and additional data such as first and last name, phone number, physical address, gender, and date of birth. Many of these fields are blank.
The records also contain account creation and update timestamps, last session information, and WIRED-specific fields such as the username to display and the dates the WIRED account was created and updated.
Although many record fields are empty, some contain additional personal data.
Approximately 284,196 records (12.01%) contain both a first and last name, 194,361 records (8.21%) contain a physical address, 67,223 records (2.84%) contain a date of birth, and 32,438 records (1.37%) contain a telephone number.
A much smaller portion of the database consists of extended profiles — 1,529 records (0.06%) containing sensitive information such as the user's full name, date of birth, phone number, physical address, and gender.
Researchers at cybersecurity firm Hudson Rock have discovered the real credentials of wired.com subscribers in global infostealer infection logs.
“By matching these compromised credentials to records in the merged database, we conclusively confirmed the authenticity of the dataset without engaging in any interaction with the affected organization,” the article on Infostealers.com states.
The stolen database has since been added to the Have I Been Pwned service, which allows users to check if their email addresses were included in the leak.
