Cybersecurity Alert: Hacker Leaks Data of 2.3 Million Wired.com Users, Claims Larger Condé Nast Breach
On December 20, 2025, a hacker operating under the alias "Lovely" leaked what they claim is the personal data of over 2.3 million Wired.com users on the newly launched hacking forum Breach Stars. The leaked dataset includes full names, email addresses, user IDs, display names, account creation timestamps, and in some cases, last session dates—though no passwords or payment information were exposed. The data spans accounts created between 2011 and 2022, with some records showing recent activity, suggesting a breach of a live or archived user database.
The hacker accused Condé Nast, Wired’s parent company, of neglecting security warnings, stating they had spent a month attempting to alert the company before resorting to the leak. In a provocative message, they threatened to release data from over 40 million additional accounts across Condé Nast’s portfolio in the coming weeks. The leaked breakdown includes records from brands such as GQ (994K), Vogue (1.9M), The New Yorker (6.8M), and Bon Appétit (2M), among others. An entry labeled "NIL" with 9.5 million accounts remains unidentified, while smaller segments suggest the breach may involve centralized account infrastructure.
Prior to the leak, the hacker had contacted journalists, including DataBreaches.net, posing as a security researcher before shifting to threats of public exposure. The method of the breach remains undisclosed, though analysis by Hackread.com confirms the legitimacy of the leaked Wired data. Condé Nast has yet to issue a public statement confirming or denying the incident. Until an official response is provided, the claims and leaked data remain unverified.
Source: https://hackread.com/hacker-leak-wired-com-records-conde-nast-breach/
GQ Magazine cybersecurity rating report: https://www.rankiteo.com/company/gq-magazine
Condé Nast Britain cybersecurity rating report: https://www.rankiteo.com/company/condénastbritain
Condé Nast cybersecurity rating report: https://www.rankiteo.com/company/conde-nast
WIRED cybersecurity rating report: https://www.rankiteo.com/company/wired
Selfridges Group cybersecurity rating report: https://www.rankiteo.com/company/selfridges-group
Glamour cybersecurity rating report: https://www.rankiteo.com/company/glamour
Condé Nast cybersecurity rating report: https://www.rankiteo.com/company/conde-nast
Condé Nast cybersecurity rating report: https://www.rankiteo.com/company/conde-nast
Condé Nast cybersecurity rating report: https://www.rankiteo.com/company/conde-nast
"id": "GQ-CONCONWIRSELGLACONCONCON1766865597",
"linkid": "gq-magazine, condénastbritain, conde-nast, wired, selfridges-group, glamour, conde-nast, conde-nast, conde-nast",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '2,366,576',
'industry': 'Media/Publishing',
'location': 'United States',
'name': 'Wired.com',
'size': 'Large (subsidiary of Condé Nast)',
'type': 'Online Magazine/Website'},
{'customers_affected': 'Over 40 million (across '
'multiple brands)',
'industry': 'Media/Publishing',
'location': 'United States',
'name': 'Condé Nast (Parent Company)',
'size': 'Enterprise',
'type': 'Media Conglomerate'}],
'data_breach': {'data_exfiltration': 'Yes (leaked on hacking forum)',
'number_of_records_exposed': '2,366,576 (Wired.com); over 40 '
'million (Condé Nast properties)',
'personally_identifiable_information': ['Full names',
'Email addresses',
'User IDs'],
'sensitivity_of_data': 'Moderate (PII exposed but no '
'passwords or payment data)',
'type_of_data_compromised': ['Full names',
'Email addresses',
'User IDs',
'Display names',
'Account creation/update '
'timestamps',
'Last session dates']},
'date_publicly_disclosed': '2025-12-20',
'description': "A hacker using the alias 'Lovely' leaked personal data of "
'over 2.3 million Wired.com users, accusing Condé Nast of '
'ignoring security warnings. The data includes full names, '
'email addresses, user IDs, display names, and account '
'timestamps but no passwords or payment information. The '
'hacker claims access to over 40 million accounts across Condé '
'Nast properties.',
'impact': {'brand_reputation_impact': 'Potential damage to Condé Nast and '
'Wired.com reputation',
'data_compromised': '2,366,576 Wired.com user records; over 40 '
'million records across Condé Nast properties',
'identity_theft_risk': 'High (exposed PII like names and email '
'addresses)',
'legal_liabilities': 'Potential regulatory violations (e.g., GDPR, '
'CCPA)',
'payment_information_risk': 'None (no payment data exposed)',
'systems_affected': 'Wired.com user database or shared Condé Nast '
'identity platform'},
'initial_access_broker': {'data_sold_on_dark_web': 'Potential (hacker '
'threatened to leak more '
'data)',
'reconnaissance_period': '1 month (claimed time to '
'convince Condé Nast to '
'fix vulnerabilities)'},
'investigation_status': 'Ongoing (unverified by Condé Nast)',
'motivation': 'Retaliation for ignored security warnings, potential financial '
'gain (data sold on dark web)',
'references': [{'date_accessed': '2025-12-20', 'source': 'Hackread.com'},
{'source': 'DataBreaches.net'}],
'regulatory_compliance': {'regulations_violated': ['Potential GDPR',
'Potential CCPA']},
'threat_actor': 'Lovely',
'title': "Wired.com User Data Leak by Hacker 'Lovely'",
'type': 'Data Breach'}