2.3M Subscriber Database Leaked from WIRED in Web App Breach
A threat actor using the alias “Lovely” claims to have breached Condé Nast and leaked an alleged WIRED subscriber database containing more than 2.3 million records, while warning that up to 40 million additional records tied to other Condé Nast properties may follow. The data was first posted to hacking forums on December 20, with access sold for a nominal amount of forum credits. The leaked database spans nearly three decades (1996–2025) and includes email addresses, internal account IDs, timestamps, names, physical addresses, phone numbers, birthdays, and other profile attributes.
The actor claims the breach stemmed from unaddressed web application vulnerabilities, accusing Condé Nast of ignoring responsible disclosure attempts. While initially posing as a security researcher, the individual ultimately exfiltrated and leaked the full dataset after allegedly receiving no response. The exposure extends beyond WIRED, with record counts allegedly tied to properties including Vogue, The New Yorker, Vanity Fair, Architectural Digest, Condé Nast Traveler, and others, significantly increasing the potential blast radius.
This incident highlights the urgent need for continuous, unified cyber risk management across large digital publishing and media ecosystems. Organizations must integrate network security monitoring, vulnerability scanning, attack surface management, threat hunting, digital forensics, and breach analytics into a single operational view with a platform like NIKSUN. By correlating signals across networks, CVEs, endpoints, and threat intelligence feeds, security teams can detect vulnerability exploitation earlier, validate disclosure claims faster, and prevent mass data exfiltration. In high-volume consumer platforms, fragmented security controls create exploitable gaps - only a unified, intelligence-driven security and observability platform can deliver the visibility, accountability, and rapid response required to protect user trust at scale. Read more about this story on our LinkedIn page
The actor claims the breach stemmed from unaddressed web application vulnerabilities, accusing Condé Nast of ignoring responsible disclosure attempts. While initially posing as a security researcher, the individual ultimately exfiltrated and leaked the full dataset after allegedly receiving no response. The exposure extends beyond WIRED, with record counts allegedly tied to properties including Vogue, The New Yorker, Vanity Fair, Architectural Digest, Condé Nast Traveler, and others, significantly increasing the potential blast radius.
This incident highlights the urgent need for continuous, unified cyber risk management across large digital publishing and media ecosystems. Organizations must integrate network security monitoring, vulnerability scanning, attack surface management, threat hunting, digital forensics, and breach analytics into a single operational view with a platform like NIKSUN. By correlating signals across networks, CVEs, endpoints, and threat intelligence feeds, security teams can detect vulnerability exploitation earlier, validate disclosure claims faster, and prevent mass data exfiltration. In high-volume consumer platforms, fragmented security controls create exploitable gaps - only a unified, intelligence-driven security and observability platform can deliver the visibility, accountability, and rapid response required to protect user trust at scale. Read more about this story on our LinkedIn page