Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Hacker Claims Theft of 40 Million Condé Nast Records After Wired Data Leak

A hacker named Lovely made public 2.3 million records representing Wired subscriber information.

Wired data leak

A hacker has leaked millions of subscriber records from Wired magazine and is threatening to release an additional 40 million records stolen from its parent company, Condé Nast.

The hacker, who uses the online moniker ‘Lovely’, published the Wired user data on several cybercrime forums in recent days. 

An analysis conducted by cybersecurity firm Hudson Rock showed that 2.3 million Wired records have been made available for download.

The leaked information includes names, email addresses, display names, dates of birth, physical addresses, phone numbers, and genders. However, only email addresses appear to be included in all records; the other type of data was exposed only for a relatively small percentage of users. The most recent entries are dated September 2025.

Hudson Rock has confirmed the authenticity of the leaked data by cross-referencing it with subscriber credentials previously compromised by info-stealer malware.

Based on the format of the leaked files, the security firm believes the attacker likely exploited insecure direct object reference (IDOR) flaws and broken access control issues, which enabled the hacker to view and alter data.

The exposed Wired data has been added to the Have I Been Pwned data breach notification service.

Advertisement. Scroll to continue reading.

After leaking the Wired data, Lovely claimed to have obtained more than 40 million other records from Condé Nast, which the hacker has threatened to make available “over the next few weeks”.

Condé Nast is a media company whose portfolio also includes major publications such as Vogue, Vanity Fair, Glamour, and The New Yorker. The other data records obtained by the hacker may be related to the readers of Condé Nast’s other publications. 

The media company does not appear to have issued a statement regarding the cybersecurity incident, and it has not responded to SecurityWeek’s request for comment.

DataBreaches.net was contacted by Lovely in November, claiming they were a researcher who had been unsuccessfully attempting to notify Condé Nast about vulnerabilities in its systems. It later turned out that Lovely was a cybercriminal trying to profit from the hack.

Related: Nissan Confirms Impact From Red Hat Data Breach

Related: 3.5 Million Affected by University of Phoenix Data Breach

Related: 113,000 Impacted by Data Breach at Virginia Mental Health Authority

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

More People On The Move

Expert Insights

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.