A hacker has leaked millions of subscriber records from Wired magazine and is threatening to release an additional 40 million records stolen from its parent company, Condé Nast.
The hacker, who uses the online moniker ‘Lovely’, published the Wired user data on several cybercrime forums in recent days.
An analysis conducted by cybersecurity firm Hudson Rock showed that 2.3 million Wired records have been made available for download.
The leaked information includes names, email addresses, display names, dates of birth, physical addresses, phone numbers, and genders. However, only email addresses appear to be included in all records; the other type of data was exposed only for a relatively small percentage of users. The most recent entries are dated September 2025.
Hudson Rock has confirmed the authenticity of the leaked data by cross-referencing it with subscriber credentials previously compromised by info-stealer malware.
Based on the format of the leaked files, the security firm believes the attacker likely exploited insecure direct object reference (IDOR) flaws and broken access control issues, which enabled the hacker to view and alter data.
The exposed Wired data has been added to the Have I Been Pwned data breach notification service.
After leaking the Wired data, Lovely claimed to have obtained more than 40 million other records from Condé Nast, which the hacker has threatened to make available “over the next few weeks”.
Condé Nast is a media company whose portfolio also includes major publications such as Vogue, Vanity Fair, Glamour, and The New Yorker. The other data records obtained by the hacker may be related to the readers of Condé Nast’s other publications.
The media company does not appear to have issued a statement regarding the cybersecurity incident, and it has not responded to SecurityWeek’s request for comment.
DataBreaches.net was contacted by Lovely in November, claiming they were a researcher who had been unsuccessfully attempting to notify Condé Nast about vulnerabilities in its systems. It later turned out that Lovely was a cybercriminal trying to profit from the hack.
Related: Nissan Confirms Impact From Red Hat Data Breach
Related: 3.5 Million Affected by University of Phoenix Data Breach
Related: 113,000 Impacted by Data Breach at Virginia Mental Health Authority
