Hackers Claim Breach of WIRED Database Containing 2.3 million Subscriber Records
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Hackers have leaked a database containing over 2.3 million WIRED subscriber records, marking a major breach at Cond\u00e9 Nast, the parent company.<\/p>\n
The threat actor \u201cLovely\u201d claims this is just the start, promising to release up to 40 million more records from brands like Vogue and The New Yorker.<\/a>\u200b<\/p>\n The data dump, posted on hacking forums like Breach Stars and BreachForums around Christmas Day 2025, includes 2.3 million email addresses, 285,936 names, 102,479 home addresses, and 32,426 phone numbers.<\/p>\n Records feature JSON-formatted profiles with fields like user IDs, creation dates from 2011 to 2022, and recent activity up to September 8, 2025. Screenshots from the leak show extensive file lists and redacted subscriber details across Cond\u00e9 Nast sites.<\/a>\u200b<\/p>\n Hudson Rock researchers verified<\/a> the WIRED data\u2019s legitimacy by cross-referencing it with RedLine and Raccoon infostealer<\/a> logs, confirming high-overlap compromised credentials.<\/p>\n The firm warns of a looming 40-million-line breach targeting Cond\u00e9 Nast\u2019s shared identity system, which spans publications including Vanity Fair, GQ, and Architectural Digest. No passwords or payment info appeared in the initial dump, but PII exposure raises risks for phishing, doxing, and swatting.<\/a>\u200b<\/p>\n Attackers exploited Insecure Direct Object References (IDOR) to scrape profiles by iterating through user IDs, resulting in large JSON exports.<\/p>\n Broken access controls<\/a> on account endpoints enabled unauthenticated access to and modification of emails, passwords, and profiles. These flaws in the centralized platform enabled bulk exfiltration without full authentication.<\/a>\u200b<\/p>\n