A large database allegedly containing subscriber information for Wired magazine has been released on a popular hacking forum, exposing more than 2.3 million records. The threat actor, operating under the alias Lovely, also claims to hold data on roughly 40 million additional users of other Condé Nast brands, raising serious concerns about the protection of personal data in the media sector.
Scale and timeline of the Wired data breach
According to analysis by cybersecurity researchers, the leaked dump contains 2,366,576 records, including 2,366,574 unique email addresses. Timestamps in the database range from 26 April 1996 to 9 September 2025, suggesting that both long-time and recent Wired subscribers are affected, and that the dataset may also include pre-created or system-generated records.
Each record includes an internal user identifier and an email address, along with a varying set of additional attributes. For Wired services, the dataset also contains fields such as displayed username, which can make it easier for attackers to impersonate real users or craft convincing phishing messages.
What personal data Wired subscribers may have had exposed
Data structure and level of sensitivity
Not every record in the Wired database is fully populated, but the exposed information is still highly valuable for cybercriminals. Based on sample statistics shared by analysts, approximately:
• 12.01% of records (284,196 entries) include first and last name
• 8.21% (194,361 records) contain a physical mailing address
• 2.84% (67,223 records) list the subscriber’s date of birth
• 1.37% (32,438 records) include a phone number
• Only 0.06% (1,529 accounts) hold a full profile with name, date of birth, phone number, address and gender
Even a partial combination such as email + full name + physical address is sufficient to enable targeted phishing, identity-based social engineering, and attempts to hijack other online accounts via password reset features. When dates of birth and phone numbers are present, the risk of identity theft and cross-correlation with other breaches increases significantly. Industry reports such as the Verizon Data Breach Investigations Report consistently show that phishing and social engineering remain among the most effective initial attack vectors.
How the Wired subscribers database was obtained and traded
The Wired subscription database was posted on an underground forum in late December. Access to the archive was initially sold for the equivalent of about US$2.30 in the forum’s internal currency. After the first sale, the dump quickly propagated to other illicit platforms, where some operators also charge for the archive password, demonstrating the commercialization of stolen data in the cybercrime ecosystem.
In accompanying posts, Lovely criticizes Condé Nast, accusing the company of ignoring vulnerability reports and reacting too slowly to security notifications, allegedly taking “an entire month” to fix reported issues. The attacker claims to have compromised subscribers’ data for multiple Condé Nast titles, including The New Yorker, Vogue, Vanity Fair, Glamour, GQ, Allure, Architectural Digest, Golf Digest, Teen Vogue, SELF, Epicurious, Men’s Journal, Condé Nast Traveler and others.
From claimed “researcher” to confirmed threat actor
Before publishing the full dump, Lovely reportedly approached the breach notification project DataBreaches.net, presenting himself as a security researcher seeking to perform responsible disclosure of vulnerabilities at Condé Nast. In late November, he claimed to have found flaws that allowed him to view and modify subscriber account details.
Initially, Lovely stated he had downloaded only a minimal subset of records sufficient to demonstrate the issue, including accounts belonging to Wired employees and to DataBreaches.net. When his demands and expectations were not met, he escalated, asserting that he had obtained the entire Wired subscribers database and threatening to release it publicly. DataBreaches.net has emphasized that Lovely’s conduct is consistent with a malicious actor rather than a legitimate researcher and advised organizations not to pay any form of ransom or “reward” in such circumstances.
Verification of the leak and industry response
Condé Nast has not released detailed public comments about the incident. However, journalists from BleepingComputer manually verified 20 randomly selected records from the dump and confirmed that they belong to real Wired subscribers. Cybercrime intelligence firm Hudson Rock also cross-referenced a subset of the exposed data with logs from information-stealing malware and validated the authenticity of part of the dataset.
The leaked database has already been added to the widely used breach monitoring service Have I Been Pwned. This allows users to check whether their email address appears in the Wired leak and to receive alerts about potential exposure. Integration with services like Have I Been Pwned has become standard practice for major data breaches, improving transparency and early warning for affected individuals.
Risks for affected Wired and Condé Nast subscribers
For most impacted users, the primary consequences are likely to be an increase in targeted spam, spear-phishing emails and credential stuffing attacks on other online services. When names, addresses or phone numbers are available, attackers can craft highly convincing social engineering scenarios, such as fake support tickets, delivery notifications or banking alerts designed to trick users into disclosing credentials or payment details.
Security best practices for all Wired and Condé Nast subscribers include: checking their address on Have I Been Pwned; enabling multi-factor authentication (MFA) on email, social media and financial services; treating any unsolicited message requesting credentials or payment information with heightened suspicion; and using unique, strong passwords for each online account, ideally managed via a reputable password manager.
Strategic cybersecurity lessons for media companies
This incident underlines the need for media organizations to adopt proactive cybersecurity programs. Key measures include regular penetration testing, robust and clearly documented vulnerability disclosure processes, minimizing the volume of personal data collected and retained, strict segmentation and access control for customer databases, and rapid triage of reports from the security community.
At a time when leaks are routinely aggregated, traded and correlated across multiple data sources, the reputational, legal and regulatory impact of a subscriber database breach can rival — or exceed — direct financial losses. Media companies that invest early in secure architectures, privacy-by-design principles and effective incident response not only reduce their exposure to attacks like the Wired subscribers breach, but also strengthen audience trust in an environment where digital privacy is under constant pressure.
